According to Thales, AI and quantum threats have catapulted to the top of the worry list for organisations wrestling with data security. That’s the key takeaway from the cybersecurity giant’s 2025 Data Threat Report, an annual deep dive into the latest data security threats, emerging trends, and hot topics.This year’s findings are stark: almost seven out of ten organisations now see the sheer speed of AI development – especially where generative AI is concerned – as the number one security headache related to its adoption. This anxiety isn’t just about pace; it’s also fed by concerns over a fundamental lack of integrity in AI systems (flagged by 64% of those surveyed) and a troubling deficit in trustworthiness (a worry for 57%).Generative AI is a data-hungry beast, relying heavily on high-quality, often sensitive, information for core functions like training models, making inferences, and, of course, generating content.As we make rapid advancements in “agentic AI” – systems that can act more autonomously – the pressure to ensure data quality is high calibre becomes even more critical. After all, sound decisionmaking and reliable actions from AI systems depend entirely on the data they’re fed.Many organisations are already diving in, with a third of respondents indicating generative AI is either being actively integrated or is already a force for transformation within their operations.Security threats increase as organisations embrace generative AIAs generative AI throws up a complex web of data security challenges while simultaneously offering strategic avenues to bolster defences, its growing integration signals a distinct shift. Businesses are moving beyond just dipping their toes in the AI water; they’re now looking at more mature, operational deployments.Interestingly, while most respondents tabbed the swift uptake of GenAI as their biggest security concern, those further along the AI adoption curve aren’t hitting the pause button to completely lock down their systems or fine-tune their tech stacks before forging ahead. This dash for rapid transformation – often overshadowing efforts to ensure organisational readiness – could mean these companies are, perhaps unwittingly, creating their own most serious security weak spots.Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said: “The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution, as they race to stay ahead of the adoption curve.“Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the rapid spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk.”On a more positive note, 73% of respondents report they are putting money into AI-specific security tools to counter threats, either through fresh budgets or by reshuffling existing resources. Those making AI security a priority are also diversifying their approaches: over two-thirds have sourced tools from their cloud providers, three in five are turning to established security vendors, and almost half are looking to new or emerging startups for solutions.What’s particularly telling is how quickly security for generative AI has climbed the spending charts, nabbing the second spot in ranked-choice voting, just pipped to the post by the perennial concern of cloud security. This shift powerfully underscores the growing recognition of AI-driven risks and the urgent need for specialised defences to counter them.Data breaches show modest decline, though threats remain elevatedWhile the nightmare of a data breach still looms large for many, their reported frequency has actually dipped slightly over the past few years.Back in 2021, 56% of enterprises surveyed said they’d experienced a breach at some point; that figure has eased to 45% in the 2025 report. Delving deeper, the percentage of respondents reporting a breach within the last 12 months has dropped from 23% in 2021 to a more encouraging 14% in 2025.When it comes to the persistent villains of the threat landscape, malware continues to lead the pack, holding onto its top spot since 2021. Phishing has craftily climbed into second place, nudging ransomware down to third.As for who’s causing the most concern, external actors dominate: hacktivists are currently seen as the primary menace, followed by nation-state actors. Human error, whilst still a significant factor, has slipped to third, down one position from the previous year.Vendors pressed on readiness for quantum threatsThe 2025 Thales Data Threat Report also casts a revealing light on the growing unease within most organisations about quantum-related security risks.The top threat here, cited by a hefty 63% of respondents, is the looming danger of “future encryption compromise.” This is the unsettling prospect that powerful quantum computers could one day shatter current or even future encryption algorithms, exposing data previously thought to be securely locked away. Hot on its heels, 61% identified key distribution vulnerabilities, where quantum breakthroughs could undermine the methods we use to securely exchange encryption keys. Furthermore, 58% highlighted the “harvest now, decrypt later” (HNDL) threat – a chilling scenario where encrypted data, scooped up today, could be decrypted by powerful quantum machines in the future.In response to these gathering clouds, half of the organisations surveyed are taking a hard look at their current encryption strategies with 60% already prototyping or evaluating post-quantum cryptography (PQC) solutions. However, it seems trust is a scarce commodity, as only a third are pinning their hopes on telecom or cloud providers to navigate this complex transition for them.Todd Moore, Global VP of Data Security Products at Thales, commented: “The clock is ticking on post-quantum readiness. It’s encouraging that three out of five organisations are already prototyping new ciphers, but deployment timelines are tight and falling behind could leave critical data exposed.“Even with clear timelines for transitioning to PQC algorithms, the pace of encryption change has been slower than expected due to a mix of legacy systems, complexity, and the challenge of balancing innovation with security.”There’s clearly a lot more work to be done to get operational data security truly up to speed, not just to support the advanced capabilities of emerging technologies like generative AI, but also to lay down a secure foundation for whatever threats are just around the corner.(Image by Pete Linforth)Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Digital Transformation Week, IoT Tech Expo, Blockchain Expo, and AI & Big Data Expo.Explore other upcoming enterprise technology events and webinars powered by TechForge here.