The 2025 Thales Data Threat Report reveals a major shift in how organizations perceive cyber risk, with AI and quantum computing threats now topping the list of concerns. As businesses increasingly integrate generative AI into operations, many find themselves racing ahead of their own security readiness — a trend that could open doors to serious vulnerabilities.
According to the global report, nearly 70% of respondents cited the rapid pace of AI development as their leading cybersecurity concern, specifically pointing to generative AI’s unpredictable nature. A majority also expressed fears over AI’s lack of integrity (64%) and trustworthiness (57%), raising serious questions about the reliability of AI-driven systems.
Generative AI Fuels Transformation—And Risk
Generative AI requires high-quality, often sensitive data to train models and produce reliable outputs. As companies explore agentic AI — autonomous systems capable of making decisions — the pressure to safeguard data grows exponentially. Still, one-third of organizations have already integrated or are actively adopting generative AI in their operations.
Despite acknowledging the risks, many companies aren’t slowing down to re-evaluate their infrastructure before rolling out AI-powered tools. This urgency may be creating their own weakest security links, according to S&P Global’s Eric Hanselman, who noted that many businesses are deploying GenAI faster than they understand their own architecture.
To respond, 73% of organizations report investing in AI-specific security solutions, often by reallocating existing budgets. Companies are sourcing protection from a mix of cloud providers (67%), established security vendors (60%), and emerging startups (47%). Notably, AI security now ranks second in cybersecurity spending priorities, trailing only cloud security.
Quantum Computing Risks Accelerate Post-Quantum Urgency
The 2025 Thales Data Threat Report also highlights the mounting anxiety over quantum computing threats, particularly the possibility of future encryption failure. 63% of organizations fear that quantum advancements could break current encryption, while 61% are worried about key distribution vulnerabilities. Another 58% flagged the “harvest now, decrypt later” (HNDL) risk, where encrypted data stolen today could be deciphered by quantum systems in the future.
In response, 60% of surveyed organizations are already evaluating or prototyping post-quantum cryptography (PQC). However, only one-third say they trust telecom or cloud providers to lead this transition, suggesting a strong desire for internal control over quantum readiness.
Todd Moore, Global VP of Data Security at Thales, warns that progress on post-quantum encryption is moving too slowly. “Even with guidance from standards bodies, the pace of transition is lagging. Legacy systems, integration challenges, and the balance between innovation and security are slowing adoption,” he said.
Data Breaches Decline, But Threat Landscape Remains Active
While overall data breach incidents have declined, the threat level remains high. In 2021, 56% of respondents reported experiencing a data breach. That number dropped to 45% in 2025, with only 14% reporting a breach in the last 12 months, compared to 23% four years ago.
Malware remains the top threat vector, followed closely by phishing and ransomware. Hacktivists and nation-state actors are considered the most dangerous external threats, while human error, though still notable, has dropped in perceived severity.
The report paints a picture of a cybersecurity landscape in flux—one where innovation, urgency, and long-term threats are colliding. Organizations are clearly aware of the stakes, but balancing transformation with resilience remains a formidable challenge.
