The Thales 2025 Data Threat Report: Critical Infrastructure Edition reveals pressing concerns about AI disruption and quantum risks. While breach rates in critical infrastructure (CI) sectors have decreased from 37% in 2021 to just 15% in 2025, the challenges presented by emerging technologies are reshaping security priorities.
The report, based on a global survey of 513 CI professionals, highlights that nearly 73% of respondents consider the fast-evolving AI ecosystem their primary security concern.
As organisations in energy, utilities, telecommunications, and transportation increasingly adopt advanced AI systems to enhance efficiency and resilience, they also face new vulnerabilities. “AI-powered attacks are becoming easier to deploy and are more effective,” warns Todd Moore, vice president of data security products at Thales.
Source: 2025 Critical Infrastructure Data Threat Report, Thales
"While GenAI is intensifying the focus on data security, hasty implementations raise the risk of data breaches. Vulnerabilities in the DeepSeek GenAI model reported shortly after its V3 release serve as a cautionary tale for security teams. Because GenAI architectures are new for most security teams, prioritizing data security efforts is crucial." Thales Report
Moreover, 63% of CI professionals expressed anxiety about risks related to post-quantum computing, specifically the potential for future decryption threats. Over half of the respondents are already prototyping or evaluating post-quantum cryptography algorithms to mitigate “harvest now, decrypt later” scenarios, where sensitive data captured today could be compromised by quantum capabilities in the future.
While the reduction in breaches is commendable, the report underscores that risks persist. Misconfigurations, exploited vulnerabilities, and identity compromise remain prevalent, highlighting that operational discipline and stringent security measures are crucial.
The rise of multi-factor authentication (MFA) has contributed to this improvement, with three-quarters of CI organisations now deploying MFA for over 40% of their employees, although this still lags the global average by 9%.
The report also points to uneven advancements in data sovereignty compliance. While 52% of CI organisations cite regulatory adherence as a driver for data sovereignty efforts, only 2% have encrypted 80% or more of their sensitive cloud-stored data. This inconsistency highlights the need for a cohesive strategy to protect sensitive datasets.
As AI and quantum risks escalate, CISOs in Asia must prioritise adopting robust encryption methods, investing in AI-specific protections, and preparing for the impending post-quantum era.
The intersection of these technologies demands a proactive approach to safeguard long-lived, sensitive data and ensure the resilience of essential services.
