Thales Report Finds GenAI Driving Data Security Concerns in 2025

Thales has released the 2025 edition of its annual Data Threat Report, based on a global survey of more than 3,100 IT and security professionals across 20 countries and 15 industries conducted by S&P Global Market Intelligence 451 Research.

This year’s findings highlight the growing impact of artificial intelligence, particularly generative AI (GenAI), on enterprise security strategies.

AI adoption outpaces security readiness

Nearly 70% of respondents identified the rapid pace of AI development — especially GenAI — as their leading security concern. Integrity (64%) and trustworthiness (57%) followed closely behind. GenAI’s reliance on high-quality, sensitive data for training and inference is adding urgency to the challenge.

A third of surveyed organizations said they are already integrating GenAI or experiencing operational transformation from its use. The report notes that as agentic AI emerges, data quality becomes even more critical to ensure sound decision-making.

Eric Hanselman, chief analyst at S&P Global Market Intelligence 451 Research, said enterprises are under pressure to deploy GenAI quickly. “Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the rapid spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk,” Hanselman said.

To address risks, 73% of respondents reported investing in AI-specific security tools. More than two-thirds are acquiring tools from cloud providers, three in five are working with established security vendors, and nearly half are engaging emerging startups. Generative AI security has risen to the second-highest spending priority after cloud security.

Data breaches show modest decline

The survey found that reported data breaches have decreased in recent years. In 2021, 56% of enterprises said they experienced a breach compared with 45% in 2025. Breaches within the last 12 months also dropped from 23% in 2021 to 14% in 2025.

Malware remains the most prevalent threat since 2021. Phishing has overtaken ransomware for the second spot, while ransomware now ranks third. Hacktivists top the list of concerning threat actors, followed by nation-state adversaries. Human error moved down one position to third.

Post-quantum risks prompt new strategies

The report also highlights growing concerns around quantum-related security threats. Sixty-three percent of respondents pointed to potential future encryption compromise as the top risk, followed by key distribution vulnerabilities (61%) and the “harvest now, decrypt later” threat (58%).

Half of surveyed organizations are reassessing encryption strategies, while 60% are actively prototyping or evaluating post-quantum cryptography (PQC) solutions. Only one-third are relying on telecom or cloud providers to manage the transition.

“The clock is ticking on post-quantum readiness,” said Todd Moore, global vice president of data security products at Thales. “Even with clear timelines for transitioning to PQC algorithms, the pace of encryption change has been slower than expected due to a mix of legacy systems, complexity, and the challenge of balancing innovation with security.”