AI Safety Spend Surges Whereas Conventional Safety Budgets Shrink
A brand new Thales report reveals that whereas enterprises are pouring assets into AI-specific protections, solely 8% are encrypting the vast majority of their delicate cloud information — leaving crucial property uncovered whilst AI-driven threats escalate and conventional safety budgets shrink.
The findings come from the lately launched 2025 Thales Cloud Security Study, carried out by S&P World Market Intelligence 451 Analysis and commissioned by international cybersecurity chief Thales. Revealed June 30, 2025, the report is predicated on survey responses from greater than 3,100 IT and safety professionals throughout 20 international locations, representing a variety of industries and organizational sizes. It gives an in-depth have a look at the evolving state of cloud safety — significantly as AI adoption accelerates and hybrid, multicloud infrastructures develop extra advanced.
“The accelerating shift to cloud and AI is forcing enterprises to rethink how they handle danger at scale,” mentioned Sebastien Cano, senior vice chairman, Cyber Safety Merchandise, at Thales, in an announcement. “With over half of cloud information now categorised as delicate, and but solely a small fraction totally encrypted, it is clear that safety methods have not saved tempo with adoption. To stay resilient and aggressive, organizations should embed robust information safety into the core of their digital infrastructure.”
Most Delicate Cloud Knowledge Nonetheless Left Unencrypted
Regardless of years of warnings and rising assault volumes, the research reveals that almost all organizations proceed to depart delicate information within the cloud uncovered.
In accordance with the report, solely 8% of respondents encrypt 80% or extra of their cloud information, regardless that 85% say not less than 40% of their cloud information is delicate. That is a pointy disconnect that represents, in Thales’ phrases, “a manageable danger that organizations ought to handle with urgency.”
The research warns that encryption alone is not sufficient, however with out it, information stays susceptible — particularly as assaults develop extra access-focused. In truth, 68% of respondents cited credential and stolen secrets and techniques assaults because the fastest-growing tactic concentrating on cloud infrastructure, making encryption a final line of protection when entry controls fail.
Cloud Knowledge Encryption Protection (2025)
| % of Cloud Knowledge Encrypted | % of Respondents |
|---|---|
| 0-20% | 15% |
| 21-40% | 22% |
| 41-60% | 26% |
| 61-80% | 22% |
| 81-100% | 15% |
| Common Encryption Protection | 45% |
Along with low protection, organizations additionally battle with key administration sprawl. The report notes that:
- 57% of respondents are utilizing 5 or extra key administration programs (up from 53% final 12 months)
- 48% nonetheless handle encryption keys via cloud supplier consoles
- Solely 28% use “deliver your personal key” (BYOK) approaches, making it the commonest — however nonetheless restricted — technique
