Introduction
The pace of digital innovation has accelerated faster than many organisations can manage. The 2025 Thales Data Threat Report makes this imbalance clear, placing a spotlight on security concerns linked to Generative AI (GenAI) and the looming capabilities of quantum computing. These technologies, while presenting vast opportunities, are also adding layers of complexity to enterprise security strategies. Business leaders across sectors—from financial services organisations to defence and space manufacturing—are grappling with a transformed cybersecurity landscape marked by AI-powered attacks, identity security gaps, and future-proof encryption worries.
With input from over 3,100 cybersecurity professionals spanning 20 countries, this year’s report outlines how organisations are confronting increasingly sophisticated threats while rethinking their approach to security.
Background: A Security Landscape Redrawn by Emerging Technologies
Security operations have traditionally focused on perimeter defences and endpoint protection. But the rise of GenAI and quantum computing is forcing a shift. These innovations are reshaping how malicious actors exploit vulnerabilities and how enterprises must adapt.
GenAI, now embedded in language models, business operations, and consumer tools, presents risks that cannot be mitigated through traditional defences alone. Meanwhile, quantum computing is moving from theoretical to tangible, with the potential to crack modern encryption standards—threatening national security and digital identities alike.
Cybersecurity professionals must now contend with identity-based attacks, deepfakes accessible to anyone, and a growing number of supply chain attacks—all while supporting agile, AI-driven application development cycles.
GenAI: A Powerful Ally With Dangerous Blind Spots
From Pilot to Production
Generative AI has evolved quickly from experimentation to real-world integration. One in three respondents in the Thales Data Threat Report confirmed GenAI is already reshaping their core business model. It’s influencing everything from customer service to risk analysis in financial services organisations.
However, this deployment often occurs without consistent security oversight. With development velocity prioritised over safeguards, AI systems are rolled out before robust controls are implemented.
“The pace of GenAI adoption has overwhelmed organisations and exposed them to sophisticated attacks,” explains Gary Orenstein, a leading voice in enterprise AI security.
Trust and Integrity: The New Security Frontiers
AI systems require massive data inputs to function effectively. But flawed or manipulated data can introduce attack vectors that jeopardise decision-making. Trust in AI is no longer optional; it’s essential to maintaining customer trust and business integrity.
According to the report:
- 70% cite GenAI as their leading security concern.
- 64% fear data integrity failures.
- 57% question the trustworthiness of language models.
These numbers reflect more than anxiety—they highlight a clear gap between technical innovation and strategic security planning.
Quantum Computing: The Time Bomb in the Encryption Room
Understanding the Quantum Threat
Quantum computing could render current encryption obsolete. Malicious actors aren’t waiting for quantum capability to arrive—they’re already harvesting encrypted data in the hope of decrypting it later. This “harvest now, decrypt later” (HNDL) approach raises serious concerns for industries handling sensitive data, from defence contractors to software monetization firms.
Sixty-three per cent of survey respondents are worried about quantum computing’s threat to current encryption. Even more are concerned about weaknesses in encryption key distribution—long considered a bedrock of secure communication.
Todd Moore, VP at Thales Cloud Protection & Licensing, warns:
“Post-quantum readiness is behind schedule. It’s promising that many organisations are prototyping new ciphers, but legacy systems complicate the rollout.”
The Race to Post-Quantum Cryptography (PQC)
Progress is happening, though slowly. Around 60% are exploring PQC solutions, while 50% are reassessing encryption strategies. Yet, just a third are confident cloud providers can manage this transition. This mistrust reflects the gravity of the threat and the need for a hands-on, proactive approach to encryption resilience.
Security Budget Reallocation: A Tectonic Shift in Priorities
AI Security on the Budget Radar
Security budgets are adapting. Seventy-three per cent of organisations have redirected or added budget specifically for AI security measures. This budget reallocation is occurring across three main channels:
- Over two-thirds are sourcing solutions from cloud providers.
- Three in five are working with established cybersecurity companies.
- Nearly half are partnering with startups focused on AI-Driven Cyber Threats.
GenAI-related security has become the second most-funded priority—surpassed only by cloud security. The urgency to secure foundational models against attacks like model inversion and prompt manipulation is driving this change.
This investment acknowledges that traditional defences can no longer manage the scale and complexity of modern cybersecurity challenges.
Data Breaches: A Glimmer of Improvement, But No Time for Complacency
Breach Statistics in Decline
The report shares some encouraging news. Breaches have declined:
- From 56% in 2021 to 45% in 2025.
- Incidents in the past 12 months have fallen from 23% to 14%.
While the downward trend is welcome, it shouldn’t mask the evolving tactics of bad actors.
Evolving Threat Vectors
- Malware remains the most widespread threat.
- Phishing attacks have surpassed ransomware, reflecting a rise in social engineering attacks.
- Hacktivists and nation-state actors are now seen as the primary external threats.
- Human error has slipped to third as AI-powered attacks gain prominence.
This evolution shows how cyber operations have become more targeted and sophisticated—requiring a shift-left security approach and integrated security tools during software development.
Common Misconceptions Debunked
Misconception 1: GenAI Is Secure by Default
Reality: GenAI is vulnerable to misuse, including data poisoning and prompt hijacking. Human oversight is essential.
Misconception 2: Quantum Computing Risks Are Decades Away
Reality: Data stolen today could be exposed in five to ten years. Planning now is part of any serious security prediction reports.
Misconception 3: Legacy Security Tools Will Suffice
Reality: AI-powered systems introduce novel vulnerabilities. Security operations centres must evolve beyond manual security reviews and into AI-specific toolsets.
Strategic Approaches to AI and Quantum Security
Tailoring Tools for GenAI
Security architects and application security engineers must implement measures that go beyond firewalls and virus scanners. This includes:
- Monitoring tools that audit outputs for hallucinations and bias.
- Access control systems to regulate who can manipulate models.
- Encryption of training data to prevent leakage.
- Filters to stop manipulative or malicious prompts before execution.
As Steve Povolny, Chief Customer Officer at RAD Security, explains, “GenAI security requires tools that understand language, context, and human reasoning capabilities—not just code patterns.”
Building Trust in Autonomous Systems
AI systems are taking on more decision-making roles. That puts the onus on business leaders to establish ethical guardrails, especially when deploying AI in customer-facing or high-risk environments.
Recommended steps:
- Implement clear boundaries around AI autonomy.
- Use consistent audit trails and model validation.
- Involve compliance, legal, and HR in AI oversight.
- Disclose training methodologies for transparency.
Chris Gibson, a cybersecurity expert in South Korea and the Asia Pacific region, argues:
“Trust isn’t a nice-to-have. It’s fundamental. If users don’t believe in the integrity of AI systems, adoption stalls—and security weakens.”
Key Statistics to Know
| Insight | Statistic |
| GenAI cited as top security concern | 70% |
| Fear over data integrity | 64% |
| Concerns around model trustworthiness | 57% |
| Breaches reported (2025) | 45% |
| Piloting PQC encryption | 60% |
| Quantum-related encryption fears | 63% |
These figures highlight the strategic urgency facing security teams. The challenges aren’t hypothetical—they’re already shaping corporate policy and vendor selection.
Industry Leader Quotes
Eric Hanselman, S&P Global:
“Enterprises are accelerating GenAI adoption, often outpacing their ability to secure it.”
Todd Moore, Thales:
“Legacy infrastructure is the biggest blocker to post-quantum resilience. Organisations must act now.”
Steve Prentice, cybersecurity analyst:
“Security must shift left—closer to development—especially with GenAI and open-source developments driving complexity to software architecture.”
Practical Implications for Enterprises
Immediate Steps for Security Teams
- Map out where GenAI is deployed: Identify systems, tools, and business operations using AI.
- Run a security audit on data practices: Review data quality, access controls, and encryption protocols.
- Pilot PQC algorithms: Prioritise areas with long-term sensitivity.
- Modernise identity security: Include multi-factor authentication, biometric authentication, and protection for mobile devices and connected devices.
- Redesign security operations centres to support AI-driven applications.
The Road Ahead: Preparing for the Inevitable
Future Trends and Forecasts
- Agentic AI will take more decisions without supervision, requiring clear limits and robust logging.
- Quantum-as-a-Service platforms could become commercially accessible, altering threat modelling entirely.
- Security compliance standards will tighten globally, especially across Asia Pacific and the European Union.
As Idan Plotnik, cybersecurity innovator, explains:
“We don’t need a crystal ball to see where this is going. If businesses don’t start adapting today, they’ll be caught off-guard tomorrow.”
Conclusion: Balancing Speed and Security in 2025
The Thales Data Threat Report for 2025 is both a warning and a call to action. It highlights that while some gains have been made—especially around breach reduction—emerging threats demand a fundamentally different approach to security.
Organisations must stop relying on traditional defences and start thinking like attackers. That means adopting proactive, AI-aware solutions, investing in quantum-ready encryption, and building trust from the ground up.
Security isn’t about blocking every risk—it’s about managing them intelligently, with the right tools and mindset. With deliberate investment and informed leadership, enterprises can navigate the challenges ahead with clarity and confidence.
About Search Engine Ascend
At Search Engine Ascend, we translate security prediction reports and emerging technology trends into actionable strategies. Our team of digital specialists helps businesses improve their online presence while supporting their approach to security and risk management. From SEO to cybersecurity guidance, we offer insights that help our clients thrive—not just adapt—in an increasingly connected and complex world.
