The Growing Risks of AI in Data Security: Insights from Thales’ 2025 Report
Thales has released its 2025 Data Threat Report, shedding light on the biggest security challenges facing organisations today. Based on a survey of over 3,100 IT and security experts across 20 countries and various industries, the report highlights how rapid advances in technology, particularly artificial intelligence , are reshaping the landscape of data protection.
AI Takes Centre Stage in Security Concerns
One of the most striking findings is the widespread concern over the fast-paced development of Artificial Intelligence, especially generative AI — the kind of AI that creates content such as text, images, or code by learning from vast amounts of data. Nearly seven out of ten organisations see this rapidly evolving technology as their top security risk. This is largely because generative AI relies heavily on access to large volumes of sensitive and high-quality data, which raises significant privacy and security issues.
Many companies are adopting generative AI quickly, with about a third already integrating it into their daily operations. While this can offer powerful benefits, the rush to implement AI tools often outpaces the development of adequate security measures. In some cases, businesses may be unintentionally exposing themselves to greater risk by prioritising rapid transformation over thorough security preparation.
Image 1: AI Security (Source: Thales)
Investing in AI-Specific Security Measures
In response to these risks, most organisations are increasing their investment in security technologies designed specifically for AI environments. Around 73% of those surveyed are dedicating budget towards protecting AI systems, either through fresh funding or by shifting existing resources. This investment includes tools offered by major cloud providers, established cybersecurity firms, and innovative startups specialising in Artificial Intelligence defence. Securing AI infrastructure has quickly become a major priority, ranking just behind cloud security as a focus for security spending.
Despite the surge in Artificial Intelligence-related risks, traditional threats such as malware and phishing remain highly prevalent. The frequency of data breaches has decreased slightly over the past few years, dropping from more than half of organisations reporting breaches in 2021 to less than half in 2025. However, malware remains the most common attack method, followed by phishing scams, which have risen in prominence, overtaking ransomware as the third most frequent threat.
Hacktivists — individuals or groups hacking for political or social causes — along with nation-state actors, are currently viewed as the most significant external threats. Meanwhile, errors caused by human mistakes have declined but still contribute to security challenges.
Preparing for the Quantum Era
The report also draws attention to emerging concerns around quantum computing, a powerful future technology that could undermine current encryption methods. Around 60% of organisations are worried about the possibility that data encrypted today could be intercepted and later decrypted once quantum computers become advanced enough — a scenario often called “harvest now, decrypt later.”
In response, many businesses are evaluating or experimenting with new types of encryption designed to withstand quantum computing attacks, known as post-quantum cryptography. Approximately half are reassessing their encryption strategies, and 60% are actively testing these new cryptographic solutions. Yet, only a minority fully trust cloud or telecommunications providers to manage this transition securely.
Although there has been progress in improving security across various fronts, the report underscores that much more effort is needed. Organisations face a critical challenge in balancing the need to innovate rapidly with the necessity of building strong, future-proof defences.
Image 2: Cyber security (Source: Forbes)
What This Means Going Forward
The 2025 Thales Data Threat Report highlights a turning point for data security. As Artificial Intelligence technologies become more embedded in business operations, companies must be mindful of the risks that come with speed and complexity. Investing in specialised AI security tools and preparing for quantum computing threats are no longer optional — they are essential steps to safeguard sensitive data.
At the same time, ongoing vigilance against established cyber threats like malware and phishing remains crucial. Ultimately, organisations need to adopt a thoughtful, proactive approach to security that keeps pace with technology without compromising protection.
