Thales' annual Data Threat Report reveals that nearly 70% of organisations identify the rapid development of artificial intelligence (AI), particularly generative AI (GenAI), as their foremost security concern.
Figure 1: Most concerning risks related to GenAI security
The report indicates that 73% of organisations are investing in AI-specific security tools, either through new budgets or reallocating existing resources. This proactive approach reflects a recognition of AI-driven risks, with many firms diversifying their security strategies. Over two-thirds have acquired tools from cloud providers, while nearly half are turning to emerging startups to enhance their defences.
As organisations increasingly adopt GenAI, they face complex data security challenges. While the drive for rapid transformation is evident, many enterprises are moving faster than they can secure their systems.
“The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution,” noted Eric Hanselman, chief analyst at S&P Global Market Intelligence 451 Research. This haste can inadvertently create significant vulnerabilities.
The report highlights that malware continues to be the predominant threat, maintaining its position since 2021. Phishing has risen to second place, surpassing ransomware, which now ranks third.
External threat actors, particularly hacktivists and nation-state actors, are viewed as the most concerning. While data breaches remain a significant issue, their frequency has seen a modest decline, dropping from 56% in 2021 to 45% in 2025.
Concerns regarding quantum computing security are also on the rise. Sixty percent of respondents identified future decryption of today’s data and potential encryption compromise as major threats. In response, half of the organisations are reassessing their encryption strategies, with 60% actively exploring post-quantum cryptography (PQC) solutions. Despite this, only a third trust telecom or cloud providers to manage the transition effectively.
Todd Moore, global vice president of Data Security Products at Thales, emphasised the urgency of addressing post-quantum readiness. “The clock is ticking on post-quantum readiness... deployment timelines are tight, and falling behind could leave critical data exposed,” he warned.
While the 2025 Thales Data Threat Report indicates improvements in security postures, the findings highlight the need for organisations to elevate their operational data security to support emerging technologies like GenAI and prepare for future innovations.
Continuous investment in security solutions and a strategic approach to AI risks are essential for safeguarding sensitive information in this rapidly evolving landscape.