Nearly 70% of organizations view artificial intelligence's rapidly evolving ecosystem as their top security concern, even as they accelerate GenAI deployment across their operations, according to the 2025 Thales Data Threat Report.

Based on a survey of more than 3,100 IT and security professionals across 20 countries, it reveals a troubling disconnect between AI adoption speed and security preparedness. Organizations are embracing generative AI faster than they can secure it, potentially creating their own biggest vulnerabilities.

"The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution, as they race to stay ahead of the adoption curve," said Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, which conducted the survey. "Many enterprises are deploying GenAI faster than they can fully understand their application architectures."

The findings highlight a critical challenge facing businesses today: the pressure to transform operations through AI while managing unprecedented security risks. Beyond the pace of development, organizations cited lack of integrity (64%) and trustworthiness (57%) as major AI-related security concerns.

Security Spending Follows AI Investment

Despite the risks, organizations aren't backing down from AI adoption. The report found that 73% are investing in AI-specific security tools, either through new budgets or by reallocating existing resources. A third of respondents indicated GenAI is either being integrated into their operations or actively transforming them.

Security for generative AI has become the second-highest spending priority in ranked-choice voting, trailing only cloud security. Organizations are diversifying their security approaches, with over two-thirds acquiring tools from cloud providers, three in five leveraging established security vendors, and nearly half turning to emerging startups.

The complexity is compounded by the rapid proliferation of software-as-a-service tools that embed GenAI capabilities, adding multiple layers of potential risk that organizations struggle to fully comprehend.

The report did deliver some positive news on traditional cybersecurity fronts. Data breach frequency has declined modestly over recent years, dropping from 56% of surveyed enterprises in 2021 to 45% in 2025. The percentage reporting a breach within the past 12 months fell from 23% to 14% over the same period.

Malware continues to dominate as the most prevalent threat, maintaining its top position since 2021. However, phishing has climbed to second place, overtaking ransomware, which dropped to third. Among threat actors, hacktivists pose the greatest concern, followed by nation-state actors, while human error fell to third place.

Quantum Computing Looms as Future Threat

Organizations are also grappling with longer-term security challenges posed by quantum computing. The report found that 63% of respondents identified future encryption compromise as a major concern, fearing that quantum computers could eventually break current encryption algorithms and expose previously secure data.

Other significant quantum-related concerns include key distribution vulnerabilities (61%) and "harvest now, decrypt later" attacks (58%), where encrypted data intercepted today could be decrypted by future quantum computers.

In response, half of organizations are reassessing their encryption strategies, and 60% are actively prototyping or evaluating post-quantum cryptography solutions. However, only one-third trust telecom or cloud providers to manage the transition.

"The clock is ticking on post-quantum readiness," said Todd Moore, Global Vice President of Data Security Products at Thales. "It's encouraging that three out of five organizations are already prototyping new ciphers, but deployment timelines are tight and falling behind could leave critical data exposed."

The AI Security Paradox

The report underscores a fundamental paradox in modern cybersecurity: organizations recognize AI as both a significant risk and an essential business tool. As agentic AI systems become more sophisticated and decision-making capabilities expand, the quality and security of underlying data becomes even more critical.

The challenge extends beyond traditional security measures. Organizations must now consider how AI systems access, process, and generate content using sensitive data, while ensuring the integrity and trustworthiness of AI-driven decisions.

"While this year's survey results indicate improvements in security posture, much more is needed to elevate operational data security to fully support the capabilities of emerging technologies such as GenAI," the report concluded.

The findings suggest that as organizations continue their digital transformation journeys, balancing innovation speed with security robustness will remain a defining challenge for business leaders and security professionals alike.