Critical Infrastructure

2025 Thales
Data Threat Report

AI, Quantum and the Evolving Data Threatscape for Utilities, Energy, Telecom and Transportation organizations

#2025DataThreatReport
2025 Thales Data Threat Report - Critical Infrastructure Edition

In the Era of AI, Data Takes Center Stage

The 2025 Data Threat Report Critical Infrastrucutre Edition examines internal vulnerabilities, external threats and their impact on the assets of energy, utilities, telecommunications and transportation organizations. The report covers the impact of Artificial Intelligence on security practices, the challenges of a complex IT environment, data security best practices and the evolving threat landscape among other topics. As always, the Data Threat Report encourages and equips security leaders to build stronger alliances spanning their own organizations and partner ecosystems to achieve broader enterprise goals. 

This research was based on a segment of 513 energy and utilities, telecommunications and transportation industry respondents extracted from a global survey of 3,163 professionals in security and IT management in 20 countries.

Conducted by

S&P Market Intelligence

Sponsored by

Arrow - Five Years Out

Climb

Exclusive Networks

TD Synnex

The clock is ticking on post-quantum readiness. It’s encouraging that three out of five organizations are already prototyping new ciphers, but deployment timelines are tight and falling behind could leave critical data exposed.”
Todd Moore Global Vice President, Data Security Products Thales
Todd Moore

Key Findings

AI icon

Tracking Al Development

73% cited the fast-moving AI ecosystem as their top concern, followed by concerns about lack of integrity in models or data (64%) and lack of trust (53%).

74% of respondents are investing in GenAI-specific security tools, and 19% are using newly allocated budget. 

Trends in Data Security

22% have little or no confidence in identifying where their data is stored.

Only 2% of Critical Infrastructure organizations have encrypted 80% or more of their sensitive cloud data.

Data Security icon

PQC icon

Right on'Q'

Critical Infrastructure organizations identified these major quantum computing security threats:

62% are concerned about future encryption compromise.

63% are concerned about key distribution.

60% are concerned about future decryption of today's data, including harvest now, decrypt later.

Data Security Fuels Digital Sovereignty

52% were driven to pursue digital sovereignty by specific customer, regional or global privacy mandates.

50% said that encryption and key management provide sufficient protection to achieve objectives.

Sovereignty icon

Cloud Platform icon

Cloud Platform Growth and Challenges Continue

2.1 The average number of IaaS providers, remained constant, similar to the overall average.

102 The average quantity of SaaS applications in use grew from 83 last year to 102 this year a 23% increase in just one year.

Application Security: Essential for Data Protection

39% of organizations use more than 500 APIs; 20% use more than 1,000 (compared to 34% and 16%, respectively, surveywide).

58% of organizations said code vulnerabilities are a major concern for application security, placing it as the top response, compared to 59% surveywide.

Application Security icon

Cloud DevOps icon

From Cloud DevOps to Platform Engineering

61% said Secrets management is a leading DevOps security challenge, versus 55% surveywide.

Only 18% identified secrets management as most effective in protecting data, despite the devastating impact of compromised secrets.

Critical Infrastructure Edition

2025 Thales
Data Threat 
Report

Download the full report now to stay ahead of
AI, Quantum and the Evolving Data Threatscape for
Utilities, Energy, Telecom and Transportation organizations 

Get the Report

Partners Resources Blogs Sentinel Drivers