Many rush into GenAI deployments, frequently without a security net
70% of organizations view the pace of AI development, particularly in GenAI, as the leading security concern related to its adoption, followed by lack of data integrity (64%) and trustworthiness (57%), according to Thales.
GenAI becomes a top spending priority
Many organizations are already adopting GenAI, with a third of respondents indicating it is either being integrated or is actively transforming their operations.
As GenAI introduces data security challenges and offers strategic opportunities to strengthen defenses, its growing integration marks a shift among organizations from experimentation to more mature, operational deployment. While most respondents said adoption of GenAI is their top security concern, respondents in the more advanced stages of AI adoption aren’t waiting to fully secure their systems or optimize their tech stacks before forging ahead.
Because the drive to achieve rapid transformation often outweighs efforts to strengthen organizational readiness, these organizations may be inadvertently creating their own biggest security vulnerabilities.
“Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk,” said Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research.
73% are investing in AI-specific security tools, either through new budgets or by reallocating existing resources. Those prioritizing AI security are diversifying their approaches: over two-thirds have acquired tools from their cloud providers, three in five are leveraging established security vendors, and nearly half are turning to new or emerging startups.
Notably, security for GenAI has quickly risen as a top spending priority, securing the second spot in ranked-choice voting, just behind cloud security. This shift underscores the growing recognition of AI-driven risks and the need for specialized defenses to mitigate them.
Data breaches show modest decline
While data breaches remain a significant concern, their frequency has slightly decreased over the past few years. In 2021, 56% of surveyed enterprises reported experiencing a breach, but that figure has dropped to 45% in 2025. Additionally, the percentage of respondents reporting a breach within the last 12 months has fallen from 23% in 2021 to just 14% in 2025.
Malware continues to lead as the most prevalent threat, maintaining its top position since 2021. Phishing climbed to second place, overtaking ransomware, which now ranks third. When it comes to the most concerning threat actors, external sources dominate—hacktivists hold the top spot, followed by nation-state actors. Human error, while still significant, has dropped to third, down one position from the previous year.
Organizations are concerned about quantum-related security risks
The top threat, cited by 63% of respondents, is future encryption compromise, the risk that quantum computers could eventually break current or future encryption algorithms, exposing data once considered secure. Close behind, 61% identified key distribution vulnerabilities, where quantum advancements could undermine the secure exchange of encryption keys.
Additionally, 58% highlighted the “harvest now, decrypt later” (HNDL) threat, where encrypted data intercepted today could be decrypted in the future. In response, organizations are assessing their encryption strategies, and 60% are actively prototyping or evaluating post-quantum cryptography (PQC) solutions. Only one-third, however, are placing their trust in telecom or cloud providers to manage the transition.
“The clock is ticking on post-quantum readiness. It’s encouraging that three out of five organizations are already prototyping new ciphers, but deployment timelines are tight and falling behind could leave critical data exposed,” said Todd Moore, Global VP, Data Security Products at Thales. “Even with clear timelines for transitioning to PQC algorithms, the pace of encryption change has been slower than expected due to a mix of legacy systems, complexity, and the challenge of balancing innovation with security.”