2025 Thales Data Threat Report Reveals Top GenAI-Related Security Risk
Malware (50%), ransomware (39%), and phishing (37%) are the top three threats reported in APAC
Thales has released the 2025 Thales Data Threat Report, its annual report on the latest data security threats, trends, and emerging topics based on a survey conducted by S&P Global Market Intelligence 451 Research of more than 3,100 IT and security professionals in 20 countries across 15 industries.
In Asia Pacific (APAC), the markets surveyed for the 2025 Thales Data Threat Report were Australia, India, Japan, New Zealand, Singapore, South Korea, and Hong Kong. This year’s report found that over 65% of APAC organisations view the rapid pace of Artificial Intelligence (AI) development, particularly in generative AI (GenAI), as the leading security concern related to its adoption, followed by lack of integrity (63%) and trustworthiness (55%).
The 2025 Thales Data Threat Report results reveal a major focus on the transformative impact of AI, especially GenAI, which relies heavily on high-quality, sensitive data for functions like training, inference, and content generation. As agentic AI emerges, ensuring data quality becomes even more critical for enabling sound decision-making and actions by AI systems. Many organisations are already adopting GenAI, with 34% of APAC respondents indicating it is either being integrated or is actively transforming their operations.
Organisations Embrace GenAI, Taking on Greater Security Risks Amid Rapid Adoption—2025 Thales Data Threat Report
As GenAI introduces complex data security challenges and offers strategic opportunities to strengthen defences, its growing integration marks a shift among organisations from experimentation to more mature, operational deployment. While most APAC respondents to the 2025 Thales Data Threat Report said rapid adoption of GenAI is their top security concern, respondents in the more advanced stages of AI adoption are not waiting to fully secure their systems or optimise their tech stacks before forging ahead. Because the drive to achieve rapid transformation often outweighs efforts to strengthen organisational readiness, these organisations may inadvertently be creating their own biggest security vulnerabilities.
“The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution, as they race to stay ahead of the adoption curve,” said Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research. “Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the rapid spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk.”
Additionally, 72% of APAC respondents report investing in AI-specific security tools, either through new budgets or by reallocating existing resources. Those prioritising AI security in APAC are diversifying their approaches: 68% have acquired tools from their cloud providers, 62% are leveraging established security vendors, and 47% are turning to new or emerging startups.
Data Breaches Remain Largely Unchanged, Threats Remain Elevated
While data breaches remain a significant concern, their frequency has slightly decreased compared to last year. About 47% of surveyed APAC enterprises for the 2025 Thales Data Threat Report bared experiencing a breach, compared to 48% last year. Additionally, the percentage of respondents reporting a breach within the last 12 months has fallen to 14% this year, compared to 16% from last year.
The top three most prevalent threats in APAC include malware at 50%, ransomware at 39%, and phishing at 37%. Among the most concerning threat actors, hacktivists and financially motivated malicious insiders are seen as the leading sources of risk.
Vendors Pressed on Post-Quantum Readiness as Encryption Strategies Are Reassessed
The 2025 Thales Data Threat Report reveals that most organisations are increasingly concerned about quantum-related security risks. The top threat, cited by 60% of APAC respondents, is future encryption compromise—the risk that quantum computers could eventually break current or future encryption algorithms, exposing data once considered secure.
Close behind, 60% identified key distribution vulnerabilities, where quantum advancements could undermine the secure exchange of encryption keys. Additionally, 56% highlighted the “harvest now, decrypt later” (HNDL) threat, where encrypted data intercepted today could be decrypted in the future. In response, 47% of APAC organisations are assessing their encryption strategies, and 59% are actively prototyping or evaluating post-quantum cryptography (PQC) solutions. Only 31% are placing their trust in telecom or cloud providers to manage the transition.
“The clock is ticking on post-quantum readiness. It’s encouraging that three out of five organisations are already prototyping new ciphers, but deployment timelines are tight and falling behind could leave critical data exposed,” Todd Moore, Global Vice President, Data Security Products, at Thales, said. “Even with clear timelines for transitioning to PQC algorithms, the pace of encryption change has been slower than expected due to a mix of legacy systems, complexity, and the challenge of balancing innovation with security.”
While the results of the 2025 Thales Data Threat Report indicate improvements in security posture, much more is needed to elevate operational data security to fully support the capabilities of emerging technologies such as GenAI and to pave the way for future innovations.
