MEUDON, FRANCE -- Thales announced the release of the 2025 Thales Data Threat Report, its annual report on the latest data security threats, trends, and emerging topics based on a survey conducted by S&P Global Market Intelligence 451 Research of more than 3,100 IT and security professionals in 20 countries across 15 industries. This year’s report found that nearly 70% of organizations view the rapid pace of AI development[1] —particularly in generative AI—as the leading security concern related to its adoption, followed by lack of integrity (64%) and trustworthiness (57%).
The 2025 Thales Data Threat Report results reveal a major focus on the transformative impact of AI, especially GenAI, which relies heavily on high-quality, sensitive data for functions like training, inference, and content generation. As agentic AI emerges, ensuring data quality becomes even more critical for enabling sound decision-making and actions by AI systems. Many organizations are already adopting GenAI, with a third of respondents indicating it is either being integrated or is actively transforming their operations.
Organizations Embrace GenAI, Taking on Greater Security Risks Amid Rapid Adoption
As GenAI introduces complex data security challenges and offers strategic opportunities to strengthen defenses, its growing integration marks a shift among organizations from experimentation to more mature, operational deployment. While most respondents said rapid adoption of GenAI is their top security concern, respondents in the more advanced stages of AI adoption aren’t waiting to fully secure their systems or optimize their tech stacks before forging ahead. Because the drive to achieve rapid transformation often outweighs efforts to strengthen organizational readiness, these organizations may be inadvertently creating their own biggest security vulnerabilities.
“The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution, as they race to stay ahead of the adoption curve,”
Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said. “Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the rapid spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk.”
Seventy-three percent of respondents report investing in AI-specific security tools, either through new budgets or by reallocating existing resources. Those prioritizing AI security are diversifying their approaches: over two-thirds have acquired tools from their cloud providers, three in five are leveraging established security vendors, and nearly half are turning to new or emerging startups. Notably, security for generative AI has quickly risen as a top spending priority, securing the second spot in ranked-choice voting, just behind cloud security. This shift underscores the growing recognition of AI-driven risks and the need for specialized defenses to mitigate them.
Data Breaches Show Modest Decline, Though Threats Remain Elevated
While data breaches remain a significant concern, their frequency has slightly decreased over the past few years. In 2021, 56% of surveyed enterprises reported experiencing a breach, but that figure has dropped to 45% in 2025. Additionally, the percentage of respondents reporting a breach within the last 12 months has fallen from 23% in 2021 to just 14% in 2025.
Malware continues to lead as the most prevalent threat, maintaining its top position since 2021. Phishing climbed to second place, overtaking ransomware, which now ranks third. When it comes to the most concerning threat actors, external sources dominate—hacktivists hold the top spot, followed by nation-state actors. Human error, while still significant, has dropped to third, down one position from the previous year.
Vendors Pressed on Post-Quantum Readiness as Encryption Strategies Are Reassessed
The 2025 Thales Data Threat Report reveals that most organizations are increasingly concerned about quantum-related security risks. The top threat, cited by 63% of respondents, is future encryption compromise—the risk that quantum computers could eventually break current or future encryption algorithms, exposing data once considered secure. Close behind, 61% identified key distribution vulnerabilities, where quantum advancements could undermine the secure exchange of encryption keys. Additionally, 58% highlighted the “harvest now, decrypt later” (HNDL) threat, where encrypted data intercepted today could be decrypted in the future. In response, half of organizations are assessing their encryption strategies, and 60% are actively prototyping or evaluating post-quantum cryptography (PQC) solutions. Only one-third, however, are placing their trust in telecom or cloud providers to manage the transition.
“The clock is ticking on post-quantum readiness. It’s encouraging that three out of five organizations are already prototyping new ciphers, but deployment timelines are tight and falling behind could leave critical data exposed,”
Todd Moore, Global Vice President, Data Security Products at Thales, said. “Even with clear timelines for transitioning to PQC algorithms, the pace of encryption change has been slower than expected due to a mix of legacy systems, complexity, and the challenge of balancing innovation with security.”
While this year’s survey results indicate improvements in security posture, much more is needed to elevate operational data security to fully support the capabilities of emerging technologies such as GenAI and to pave the way for future innovations.
