- 73% of organizations that responded to the Thales survey are investing in AI-specific security tools, some with new budgets.
- Malware remains the number one threat since 2021; phishing moves into second place ahead of ransomware.
- 60% indicated that future decryption of current data and future compromise of data encryption were major concerns for quantum computing security.
Thales today released the 2025 Data Threat Report, covering the latest threats, trends, and emerging issues in data security, based on a survey conducted by S&P Global Market Intelligence 451 Research among more than 3,100 IT and security professionals in 20 countries across 15 industries. According to the 2025 report, nearly 70% of organizations consider the rapid development of the AI ecosystem , particularly generative AI, as the top security issue due to its growing adoption, followed by a lack of integrity (64%) and reliability (57%).
The findings of the Thales 2025 Data Threat Report reveal a significant focus on the impact of AI on organizational transformation, particularly generative AI. Generative AI relies primarily on high-quality, sensitive data for functions such as learning, inference, and content creation. With the emergence of agentic AI, ensuring data quality is becoming even more critical to enable AI systems to make informed decisions and take action. Many organizations are already adopting generative AI, with one-third of respondents reporting it is being integrated into their organization or is already transforming their business.
Enterprises embrace generative AI while assuming increased security risks amid rapid adoption
While generative AI raises complex data security challenges, it offers strategic opportunities to strengthen defenses. Its growing adoption reflects a shift within organizations, moving from the experimentation phase to increasingly mature operational deployment. While most respondents cite rapid adoption of generative AI as their top security concern, those in more advanced phases of its deployment do not always take the time to fully secure their systems or optimize their technology infrastructure beforehand. Driven by the desire to rapidly transform, these organizations risk unwittingly creating their own most critical security vulnerabilities.
“The rapid evolution of generative AI is forcing companies to accelerate their adoption, often at the expense of caution, in their race to stay ahead,” said Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research . “Many companies are deploying generative AI faster than they can fully understand their application architectures – a phenomenon compounded by the rapid diffusion of SaaS tools with integrated generative AI capabilities, adding layers of complexity and risk.”
73% of respondents say they are investing in AI-specific security tools, either through new budgets or by reallocating existing resources. Leaders prioritizing AI security are diversifying their approaches: more than two-thirds have acquired tools from their cloud providers, three in five rely on established security vendors, and nearly half are turning to new or emerging startups. Generative AI security has quickly emerged as a spending priority, securing the second-highest priority and coming in just behind cloud security. This shift signals a growing awareness of AI-related risks and the need for specialized defenses to mitigate them.
Data breaches down slightly but threats remain high
While data breaches remain a major issue, their frequency has declined slightly in recent years. In 2021, 56% of surveyed companies reported experiencing a breach, but this figure fell to 45% in 2025. Furthermore, the percentage of respondents reporting a breach in the past 12 months fell from 23% in 2021 to just 14% in 2025.
Malware remains the most prevalent threat and has been at the top since 2021. Phishing has moved up to second place, overtaking ransomware, which now ranks third. As for the most worrisome actors, hacktivists lead the way, followed by state-sponsored actors. Human error, while still significant, has dropped to third place compared to the previous year.
Vendors tapped for post-quantum readiness as encryption strategies reevaluate
The Thales 2025 Data Threat Report reveals that most organizations are increasingly concerned about the security risks associated with quantum computing. The number one threat, cited by 63% of respondents, is future encryption compromise—the risk that quantum computers will eventually break current or future encryption algorithms, exposing data previously considered secure. Close behind, 61% of respondents identified vulnerabilities in key distribution, where quantum advances could compromise the secure exchange of encryption keys. In addition, 58% highlighted the “harvest now, decrypt later” (HNDL) threat, where encrypted data intercepted today could be decrypted in the future. Half of organizations are responding by evaluating their encryption strategies, and 60% are prototyping or actively evaluating post-quantum cryptography (PQC) solutions. However, only a third trust cloud providers to manage the transition.
“The time for post-quantum readiness is now. It’s encouraging to see that three out of five companies are already prototyping new encryption algorithms, but deployment timelines are tight and falling behind could expose critical data,” said Todd Moore, global vice president of data security products at Thales . “Even with clear timelines for a transition to PQC algorithms, the pace of encryption change has been slower than expected due to a mix of legacy systems, complexity, and the challenge of balancing innovation and security.”
While the results of this year’s study indicate an improvement in security posture, much remains to be done to raise the level of operational data security to fully support the capabilities of emerging technologies such as generative AI and pave the way for future innovations.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter |The Mainstream formerly known as CIO News Whatsapp Channel | The Mainstream formerly known as CIO News Instagram
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
