Report finds the rapid pace of GenAI a top security risk
The 2025 Thales Data Threat Report found that nearly 70% of organisations view the rapid pace of AI development—particularly in generative AI—as the leading security concern related to its adoption, followed by a lack of integrity (64%) and trustworthiness (57%). The reoprt is based on a survey conducted by S&P Global Market Intelligence 451 Research of more than 3,100 IT and security professionals in 20 countries across 15 industries.
GenAI has become a transformative force across industries, with enterprises leveraging its capabilities for a variety of tasks, such as enhancing efficiency, innovating product development, redefining customer interactions, training workers, accelerating drug discovery, and improving customer service.
AI is having a transformative impact on businesses, particularly GenAI, which relies heavily on high-quality, sensitive data to operate effectively. As agentic AI emerges, ensuring data quality becomes even more critical for enabling sound decision-making and actions by AI systems. A third of respondents indicated GenAI is either being integrated or is actively transforming operations.
GenAI introduces complex data security challenges. The majority of respondents cite the rapid adoption of GenAI as their top security concern. However, the report also finds that respondents in the more advanced stages of AI adoption are not waiting to secure their systems fully or optimise their tech stacks before forging ahead. As the drive to achieve rapid transformation often outweighs efforts to strengthen organisational readiness, these organisations may inadvertently create their own most significant security vulnerabilities.
“The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution, as they race to stay ahead of the adoption curve,” Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said. “Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the rapid spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk.”
GenAI drives security spending
Seventy-three percent of respondents report investing in AI-specific security tools, either through new budgets or by reallocating existing resources. Those prioritising AI security are diversifying their approaches — over two-thirds have acquired tools from their cloud providers, three in five are leveraging established security vendors, and nearly half are turning to new or emerging startups.
Notably, security for GenAI has quickly risen as a top spending priority, securing the second spot in ranked-choice voting, just behind cloud security.
The report also finds that, while data breaches remain a significant concern, their frequency has decreased slightly over the past few years. Malware remains the most prevalent threat, retaining its top position since 2021. Phishing climbed to second place, overtaking ransomware, which now ranks third. When it comes to the most concerning threat actors, external sources dominate, with hacktivists holding the top spot, followed by nation-state actors. Human error, while still significant, has dropped to third, down one position from the previous year.
Quantum-related security risks
Ultimately, the report reveals that most organisations are becoming increasingly concerned about quantum-related security risks. The top threat, cited by 63% of respondents, is future encryption compromise—the risk that quantum computers could eventually break current or future encryption algorithms, thereby exposing data that was once considered secure. Close behind, 61% identified key distribution vulnerabilities, where quantum advancements could undermine the secure exchange of encryption keys. Additionally, 58% highlighted the “harvest now, decrypt later” (HNDL) threat, where encrypted data intercepted today could be decrypted in the future. In response, half of organizations are assessing their encryption strategies, and 60% are actively prototyping or evaluating post-quantum cryptography (PQC) solutions. Only one-third, however, are placing their trust in telecom or cloud providers to manage the transition.
“The clock is ticking on post-quantum readiness. It’s encouraging that three out of five organizations are already prototyping new cyphers. Still, deployment timelines are tight and falling behind could leave critical data exposed,” Todd Moore, Global Vice President, Data Security Products at Thales, said. “Even with clear timelines for transitioning to PQC algorithms, the pace of encryption change has been slower than expected due to a mix of legacy systems, complexity, and the challenge of balancing innovation with security.”
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
