2025 Thales Data Threat Report

Of those prioritizing AI security, nearly half are turning to new or emerging startups.

Malware remains the top attack type, holding this position since 2021.

Of those prioritizing AI security, over two-thirds have acquired tools from their cloud providers.

Half (50%) of organizations are assessing their encryption strategies in response to quantum risks.

Security for generative AI has quickly risen as a top spending priority, securing the second spot in ranked-choice voting, just behind cloud security.

In 2021, 56% of surveyed enterprises reported experiencing a breach. That figure has dropped to 45% in 2025.

57% of organizations view lack of trustworthiness as a major concern regarding AI adoption.

Only one-third of organizations are placing their trust in telecom or cloud providers to manage the transition to PQC.

A third of respondents indicate that GenAI is either being integrated or is actively transforming their operations.

61% identified key distribution vulnerabilities as a major quantum-related threat.

73% of respondents report investing in AI-specific security tools, using either new budgets or reallocating existing resources.

Nearly 70% of organizations identify AI’s fast-moving ecosystem, particularly in generative AI, as the top GenAI-related security risk.

64% of organizations view lack of integrity as a major concern regarding AI adoption.

Of those prioritizing AI security, three in five (60%) are leveraging established security vendors.

58% highlighted the “harvest now, decrypt later” (HNDL) threat as a major quantum-related threat.

Nation-state actors are second most concerning threat actors.

60% identified future decryption of today’s data and future encryption compromise as major concerns among quantum computing security threats.

Phishing has risen to second place of most popular attack types.

Human error, while still significant, has dropped to third place of most concerning threat actors.

The top quantum-related threat, cited by 63% of respondents, is future encryption compromise (the risk that quantum computers could break current or future encryption).

The percentage of respondents reporting a breach within the last 12 months has fallen from 23% in 2021 to just 14% in 2025.

Ransomware has dropped to third place of most popular attack types.

When it comes to the most concerning threat actors, external sources dominate with hacktivists holding the top spot.

60% (three out of five) of organizations are actively prototyping or evaluating post-quantum cryptography (PQC) solutions or prototyping new ciphers.

Human error, while still significant, has dropped to third place of most concerning threat actors.