IT Brief Canada - Technology news for CIOs & IT decision-makers
Canada
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Malware
#
Ransomware
#
Encryption

Organisations prioritise AI security as GenAI adoption accelerates

Yesterday
Author image
By Shannon Williams, Journalist

Thales has published the findings of its 2025 Data Threat Report, identifying that nearly 70% of organisations consider the rapid progression of artificial intelligence, particularly generative AI, as the primary security concern associated with its adoption.

The report, produced in partnership with S&P Global Market Intelligence 451 Research, is based on a survey of over 3,100 IT and security professionals across 20 countries and 15 industries. It highlights that, beyond the speed of AI development, 64% of respondents cited concerns around AI integrity, while 57% pointed to questions regarding the trustworthiness of these technologies.

The survey results reflect a significant shift in how organisations are engaging with generative AI, with one third of respondents indicating that it is either being integrated or is actively transforming their operations. According to the report, as agentic AI increases in prominence and is relied upon to make decisions and generate content, the overall quality and sensitivity of data involved becomes ever more crucial to ensure sound outputs and organisational security.

The research found that organisations are moving from experimenting with GenAI to operational deployment. However, this transition brings greater security risks. The findings suggest that many organisations are not waiting to secure their systems or fully optimise their technology stacks prior to implementing GenAI, potentially exposing themselves to vulnerabilities.

Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, commented, "The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution, as they race to stay ahead of the adoption curve. Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the rapid spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk."

With the growing recognition of the risks associated with AI, 73% of surveyed organisations report investing in AI-specific security tools—either by allocating new budgets or by adjusting existing ones. Security for generative AI has become the second highest priority for IT security spending, second only to cloud security, the report found. Organisations are adopting a range of solutions: more than two-thirds have obtained tools from cloud providers, three in five are employing established security vendors, and nearly half are considering options from start-up firms.

This year's report also tracks a modest reduction in the rate of data breaches. In 2021, 56% of organisations surveyed reported having experienced a breach, but this has declined to 45% in 2025. The share of organisations reporting a breach in the preceding 12 months has dropped from 23% in 2021 to 14% in 2025, according to the survey data.

In terms of threats, malware remains the most prevalent attack method since 2021, while phishing has moved to second place, surpassing ransomware, which now ranks third. When analysing threat actors, external sources—namely hacktivists and nation-state actors—are reported as most concerning. Human error, though still significant, has dropped to third position in perceived threat sources.

Quantum computing was identified as a further emerging concern, with 63% of respondents pointing to the potential risk that quantum technologies could eventually compromise both current and future encryption standards. There is also anxiety around key distribution vulnerabilities (cited by 61%) and the "harvest now, decrypt later" threat (raised by 58%), whereby intercepted encrypted data might be decrypted at a future date when quantum resources become more widely available.

In response, half of the organisations surveyed are currently evaluating their encryption strategies to address quantum risks, and 60% are either prototyping or assessing post-quantum cryptography solutions. Only a third reported relying on their telecommunications or cloud providers to facilitate the transition to post-quantum security standards.

Todd Moore, Global Vice President, Data Security Products at Thales, said, "The clock is ticking on post-quantum readiness. It's encouraging that three out of five organisations are already prototyping new ciphers, but deployment timelines are tight and falling behind could leave critical data exposed. Even with clear timelines for transitioning to PQC algorithms, the pace of encryption change has been slower than expected due to a mix of legacy systems, complexity, and the challenge of balancing innovation with security."

The 2025 Thales Data Threat Report concludes that, while improvements in security postures are evident, further steps are necessary to adapt operational data security measures for evolving technologies such as generative AI and to mitigate risks around the adoption of emerging technology across industries.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Data readiness issues lead to half of enterprise AI projects failing
ISACA launches first advanced AI audit certification for auditors
JFrog teams with NVIDIA to boost secure enterprise AI adoption
Workday unveils AI agents to boost HR & finance productivity
NetApp partners with NVIDIA to boost AI data storage in Australia
Top stories
Outpost24 adds AI summaries to boost digital threat analysis
Red Hat secures safety certification for vehicle OS
AI tools expose sensitive data at 99% of organisations
Building Institutional Trust in a Decentralized World
Secureframe unveils AI tool to streamline audit compliance tasks