AI Safety Spend Surges Whereas Conventional Safety Budgets Shrink
A brand new Thales report reveals that whereas enterprises are pouring assets into AI-specific protections, solely 8% are encrypting the vast majority of their delicate cloud information — leaving crucial belongings uncovered whilst AI-driven threats escalate and conventional safety budgets shrink.
The findings come from the not too long ago launched 2025 Thales Cloud Security Study, carried out by S&P World Market Intelligence 451 Analysis and commissioned by international cybersecurity chief Thales. Printed June 30, 2025, the report relies on survey responses from greater than 3,100 IT and safety professionals throughout 20 international locations, representing a spread of industries and organizational sizes. It provides an in-depth take a look at the evolving state of cloud safety — notably as AI adoption accelerates and hybrid, multicloud infrastructures develop extra complicated.
“The accelerating shift to cloud and AI is forcing enterprises to rethink how they handle threat at scale,” stated Sebastien Cano, senior vice chairman, Cyber Safety Merchandise, at Thales, in an announcement. “With over half of cloud information now categorized as delicate, and but solely a small fraction totally encrypted, it is clear that safety methods have not stored tempo with adoption. To stay resilient and aggressive, organizations should embed sturdy information safety into the core of their digital infrastructure.”
Most Delicate Cloud Knowledge Nonetheless Left Unencrypted
Regardless of years of warnings and rising assault volumes, the examine reveals that almost all organizations proceed to depart delicate information within the cloud uncovered.
In keeping with the report, solely 8% of respondents encrypt 80% or extra of their cloud information, though 85% say a minimum of 40% of their cloud information is delicate. That is a pointy disconnect that represents, in Thales’ phrases, “a manageable threat that organizations ought to handle with urgency.”
The examine warns that encryption alone is not sufficient, however with out it, information stays susceptible — particularly as assaults develop extra access-focused. In truth, 68% of respondents cited credential and stolen secrets and techniques assaults because the fastest-growing tactic concentrating on cloud infrastructure, making encryption a final line of protection when entry controls fail.
Cloud Knowledge Encryption Protection (2025)
| % of Cloud Knowledge Encrypted | % of Respondents |
|---|---|
| 0-20% | 15% |
| 21-40% | 22% |
| 41-60% | 26% |
| 61-80% | 22% |
| 81-100% | 15% |
| Common Encryption Protection | 45% |
Along with low protection, organizations additionally battle with key administration sprawl. The report notes that:
- 57% of respondents are utilizing 5 or extra key administration programs (up from 53% final 12 months)
- 48% nonetheless handle encryption keys by means of cloud supplier consoles
- Solely 28% use “convey your individual key” (BYOK) approaches, making it the commonest — however nonetheless restricted — technique
