Crédit Agricole gets Trained in Cybersecurity with a Former GIGN Negotiator

Three days of intensive training, a former GIGN negotiator in the classrooms of Crédit Agricole: this is the unusual program that fifteen executives from the French banking group took part in. A novel approach to strengthening the bank's security and getting ready for the new requirements of the European DORA regulation, which will come into force in 2025. 

"Until recently, we were solely responsible for cyber crisis management at the Group level, and we regularly conducted crisis drills with the supervisor and various Group entities based on technical scenarios. Our scope has expanded to include overall IT crisis management, (not just cyber) and DORA regulatory reporting, which means extra work and the need for specific expertise," explained Philippe Coué, Chief Operating Officer for Cybersecurity and IT Risks at the Crédit Agricole Group. This development is supported by 24/7 monitoring of IT incidents at Group level, requiring certain skills within the teams to be strengthened.

Faced with these challenges, Crédit Agricole turned to Inetum, a company specializing in digital services and cybersecurity. The choice was not made at random: Inetum's training offer is very comprehensive. It includes the involvement of a former GIGN negotiator, which sets it apart from the competition.

Why Call on a Former GIGN Member to Train Bankers?

The banking sector is facing a growing cyber risk. “All banks are at risk, due to the customer portfolios they manage and the confidential data they handle, and Crédit Agricole in particular because of its role as a major bank. If a bank the size of Crédit Agricole were to fall, it would have a direct impact on a country’s economy and even on the global economy,” noted Philippe Coué.

“What I was looking for was a speaker who was a former soldier, constable, or police officer, who could bring their perspective and experience of crisis management from outside the banking sector,” explained Philippe Coué. This specific expertise therefore fits into a clear rationale: improving human skills rather than technical skills.

Organized over three days, this cybersecurity training combines several approaches. Day one: presentation by an Inetum expert on response processes in the event of a cyberattack. Day two: training provided by a former GIGN negotiator on communication in situations of intense stress. Day three: teamwork with a psychological approach based on the DISC method, enabling the behavioral profiles of each individual to be identified. 

“The expertise of a former negotiator provides answers in terms of crisis management. Negotiators have experienced very significant crises, much more than we might realize,” emphasized Crédit Agricole's cybersecurity manager. The objective: to develop reflexes for managing mounting pressure, stakeholders on the edge, and an impatient senior management team. 

Soft Skills in the Face of Cyberattacks

This approach reveals a little-known fact of banking cybersecurity. “The aim of the training was not to talk about technology but to improve our human expertise,” insisted Philippe Coué.

For Romain Massari, director of Inetum's cybersecurity division, this human dimension is crucial: “At the start of the training, the client thinks they will learn very little and that Inetum will simply go over the basics. But as the training progresses, we realize that crucial debates arise, and that the participants do not necessarily all agree. It is therefore essential to sit down together to discuss these issues.”

The training revealed differences in approach between participants, creating “a lot of debate” according to Romain Massari. “One of the benefits was having frank discussions that led to greater cohesion at the end of the session compared to the beginning of the training,” confirmed Philippe Coué.

The positive feedback has encouraged the Group to repeat the experience. “I think this is a type of training that will be continued. The goal is to widen its scope, perhaps with a slightly lighter format, but with a larger number of participants.”

This initiative illustrates how the financial sector is adapting to new regulatory challenges, in which the human element is becoming as critical as technical expertise in the face of cyber threats.