Outpacing Risk: How AI, quantum, and cloud are reshaping data security today

The newly released Thales 2025 Data Threat Report points to a pivotal shift in global cybersecurity. The digital risk landscape is becoming more volatile, and the accelerated adoption of generative AI is adding both promise and peril. While GenAI offers remarkable opportunities for innovation, its rapid rollout often outpaces security safeguards—putting sensitive data in the crosshairs. With many security teams still grappling with new AI-driven architectures, strengthening data protection has never been more urgent. This year’s findings send a clear message: organizations must anchor their security strategies in the data they collect, process, and safeguard.

The AI race: Outpacing security preparedness

As enterprises embrace AI to gain competitive advantages, a new wave of risk is emerging. The 2025 report uncovers a widening gap between rising awareness of GenAI threats and actual preparedness to address them.

• Nearly 70% of respondents flagged the fast-evolving AI ecosystem as their top concern.
• Yet many businesses already advancing AI adoption admit they are pushing forward without securing systems or optimizing their technology stacks.

The pressure to innovate often overshadows the need to harden defenses—creating unintended vulnerabilities.

Application security is also being tested by growing architectural complexity:

• 34% of organizations now manage more than 500 APIs.
• 59% worry about code weaknesses, and 48% are concerned about supply chain risks.
• Surprisingly, just 16% view secrets management as essential, even though exposed keys and credentials are a well-documented attack vector.

Quantum Computing: A dual-edged sword

Respondents also highlighted looming threats from quantum computing:

• 63% worry about encryption compromise.
• 61% cited risks to key distribution.
• 58% fear “harvest now, decrypt later” tactics that put today’s data at tomorrow’s risk.

Regulatory bodies are responding. NIST’s 2024 transition guide calls for retiring RSA and ECC by 2035, giving organizations a decade to move toward quantum-safe encryption. Many businesses are already preparing:

• 57% are testing or evaluating PQC algorithms.
• 48% are reviewing encryption practices.
• 45% are building crypto-agility into systems.
• Only 33% say they’ll rely on external providers, indicating many are taking direct ownership of quantum readiness.

Cloud expansion and the sovereignty challenge

As cloud adoption accelerates, data sovereignty has become a pressing priority. Companies want more control over where their data lives, who manages it, and how it moves across environments.

The report identifies three sovereignty dimensions:

• Data sovereignty: ensuring residency and compliance.
• Operational sovereignty: controlling access and management.
• Software sovereignty: enabling portability across platforms.

Key findings:

• 33% cited application portability as the main driver of sovereignty initiatives.
• 50% said they’re willing to refactor applications to achieve it.
• 76% of enterprises are running in multi-cloud environments, introducing new challenges around integration, visibility, and consistency.

Fragmentation is a recurring issue. Many businesses use five or more tools for data discovery, alongside multiple key managers for encryption—complicating oversight and undermining uniform security policy enforcement.

Compliance as a security driver

This year’s data shows a strong link between regulatory compliance and breach prevention.

• 78% of organizations that failed a compliance audit also reported data breaches—nearly four times higher than those passing audits.
• Yet 45% of businesses failed a recent audit, pointing to the difficulty of managing compliance across hybrid and multi-cloud environments.

The takeaway: compliance isn’t just about meeting regulatory checkboxes—it’s a proven defense mechanism against real-world threats.

The evolving threat landscape and MFA progress

Phishing, malware, and ransomware remain the leading attack vectors. While human error is now considered less of a direct risk, phishing-driven credential theft still plays a significant role in breaches.

Encouragingly, adoption of phishing-resistant authentication is rising:

• 60% now use biometrics.
• 47% are adopting passwordless passkey solutions.

These measures are showing results: breach rates have fallen from 23% in 2021 to 14% in 2025. Still, gaps remain—only 57% consistently enforce strong MFA for cloud apps, and 13% of breaches were traced back to a failure to secure privileged accounts.

Moving toward unified data protection

The overarching lesson of the 2025 Data Threat Report is clear: security must evolve from a collection of siloed tools into a unified, strategic capability. To succeed, organizations need to:

• Consolidate fragmented solutions.
• Enforce centralized policies.
• Ensure data protection spans hybrid and multi-cloud environments seamlessly.

Capabilities such as data security posture management (DSPM), robust encryption and key management, and API visibility are becoming essential markers of maturity.

Final thoughts

The cybersecurity landscape is shifting rapidly, shaped by GenAI, quantum, and cloud complexity. Organizations that focus on holistic, data-centric security—not just visibility or compliance—will be better positioned to reduce risk and build resilience.

Download the full Thales 2025 Data Threat Report to dive deeper into the findings and learn how to future-proof your enterprise against the challenges ahead. Unlock additional insights by watching this short video.