Artificial IntelligencePress Release

Thales: 71% of Asia Pacific Organisations Rank AI as Top Data Security Risk

Broader Access to Enterprise Data Across Environments Requiring Organisations to Treat Data Visibility and Encryption as Core Security Elements

The Thales 2026 Data Threat Report has found that organisations across various markets, including automotive, energy, finance, and retail, say the rapid pace of Artificial Intelligence (AI)-driven transformation is now their biggest security challenge. Based on the Thales report’s research, conducted by S&P Global 451 Research, 71% of organizations in Asia Pacific (APAC) cite AI as their top data security risk. The concern is not only about malicious AI, but also about the access it is being granted as it shifts from a tool to a trusted insider.

As enterprises embed AI into workflows, analytics, customer service, and development pipelines, these systems are being granted broad, automated access to enterprise data, often with fewer controls than those applied to human users in a corporate environment.

“Insider risk is no longer just about people. It is also about automated systems that have been trusted too quickly,” says Sebastien Cano, Senior Vice President, Cybersecurity Products, at Thales. “When identity governance, access policies, or encryption are weak, AI can amplify those weaknesses across corporate environments far faster than any human ever could.”

“Across Asia Pacific, organisations are embedding AI into their operations at a remarkable speed. Whilst that momentum is positive, protection isn’t keeping up,” says Andy Zollo, Senior Vice President for Application & Data Security (APJ) at Thales. “Credential theft and human error remain at the heart of most breaches. In 2026, the real challenge for APAC leaders isn’t just adopting AI; it’s about gaining visibility into where data lives and how identities are being used. You cannot secure what you can’t see, and in an AI-driven world, that lack of visibility is a risk no business can afford.”

Visibility Gaps Are Widening as AI Expands Data Reach

The Thales report reveals a troubling disconnect between AI adoption and data control. Only 35% of organisations in APAC know where all their data resides, regardless of criticality, and just 40% can fully classify it. Meanwhile, nearly half (47%) of sensitive cloud data remains unencrypted. Data visibility is notably lower in Singapore (28%), New Zealand (29%), and South Korea (29%), where fewer organisations have complete knowledge of where their data is stored.

As AI systems ingest and act on data across cloud and SaaS environments, limited visibility makes enforcing least-privileged access increasingly difficult, that is, granting only the strictly necessary access rights. This increases the extent of exposure if credentials are compromised.

Identity infrastructure in APAC is now the primary attack surface, mirroring global trends. Nearly 70% of organisations cite credential theft as the leading attack technique against cloud management infrastructure, exceeding the global average of 67%.

Hong Kong stands out as an exception, with a comparatively lower incidence of credential theft (44%). Instead, organisations there point to vulnerabilities stemming from third parties, including external code and APIs (67%), highlighting a different but equally pressing cloud risk profile.

At the same time, 42% of APAC respondents to the Thales survey rank secrets management among their top application security challenges, underscoring the growing complexity of governing machine identities, API (application programming interface) keys, and tokens at scale.

AI Is Powering More Convincing Attacks, Thales FInds

While organisations race to adopt AI, attackers are doing the same. Similar to global trends, nearly 60% of companies in APAC have experienced deepfake-driven attacks, and 50% report reputational damage tied to AI-generated misinformation or impersonation campaigns. However, India (65%) stands out for its higher levels of deepfake exposure and reputational fallout (55%).

As AI introduces new risks, it also increases existing ones, according to the Thales report. Human error already contributes to 30% of breaches in the region, and with automation layered on top, small mistakes can scale faster and spread wider.

Security Investment Is Shifting, But Not at the Pace of the New Risks

While organisations recognise the need to adapt, investment is not keeping pace with the rapid expansion of AI-driven access and automation. 31% in Asia Pacific now dedicate specific budgets to AI security, with Singapore (41%) and Hong Kong (39%) leading the region on dedicated AI security budgets. However, the majority (51%) still depend on traditional security programmes built primarily for human users and perimeter-based controls. As machines increasingly authenticate, access, and act autonomously, many security strategies have yet to adjust to this shift in operating models.

“As AI becomes deeply embedded into enterprise operations, continuous data visibility and protection are no longer optional,” said Eric Hanselman, Chief Analyst at S&P Global 451 Research. “Organisations must treat data security strategy as foundational to innovation, not separate from it.”

Trust Must Evolve as Machines Gain Access

AI is not replacing traditional threats; rather, it is intensifying them by increasing their speed, scale, and reach. As automated systems gain broader access to enterprise data, organisations must rethink identity, encryption, and data visibility as core infrastructure. The organisations that embed strong governance into their AI strategies will be better positioned to innovate securely and avoid turning AI into their newest insider threat.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *