For five consecutive years, the Thales Data Threat Report has analyzed worldwide trends in data security, cloud adoption, compliance and security strategies. The 2025 report continues to examine internal vulnerabilities, external threats and their impacts on enterprise assets. The Data Threat Report also evaluates new and evolving technologies affecting risk management and data security. The report revisits core data security principles in light of evolving technology, industry, regulatory and risk landscapes, with additional focus this year on application security. As always, the Data Threat Report encourages and equips security leaders to build stronger alliances spanning their own organizations and partner ecosystems to achieve broader enterprise goals.
The 2025 Data Threat Report results show progress in key areas of data security, but much work remains as organizations mature their data security controls. Efforts must intensify to securely empower the surge in GenAI activity. New and unfamiliar risks must be addressed, and the tools and technology to mitigate them are available, but they must be used effectively and expeditiously.
Conducted by
69% regard fast-moving ecosystem as most concerning GenAl security risk, followed by lack of integrity (64%) and trustworthiness (57%).
73% of respondents are investing in GenAI-specific tools, with 20% using newly allocated budget.
24% have little or no confidence in identifying where their data is stored.
14% reported experiencing a recent data breach.
Organizations identified these major quantum computing security threats:
63% future encryption compromise
61% key distribution
58% future decryption of today's data, including harvest now, decrypt later
83% said that strong MFA is used more than 40% of the time.
55% were driven to pursue digital sovereignty by specific customer, regional or global privacy mandates.
42% said that encryption and key management provide sufficient protection.
34% of enterprises use more than 500 APIs; that proportion rises to 50% among Manufacturing respondents.
59% of respondents said code vulnerabilities are a major concern for application security, placing it as the top response.
55% said Secrets management is the leading DevOps security challenge.
16% identified secrets management as most effective in protecting data, despite the devastating impact of compromised secrets.