A new global study by Thales, conducted in partnership with S&P Global Market Intelligence 451 Research, reveals that AI-specific security has rapidly become a top enterprise concern, second only to cloud security in 2025. The shift signals a profound reallocation of cybersecurity budgets as companies race to secure sensitive data amid the dual rise of AI technologies and cloud infrastructure.
According to the 2025 Thales Cloud Security Study, 52% of respondents reported that spending on AI security is displacing traditional security investments. The study, based on input from nearly 3,200 professionals across 20 countries, paints a complex picture of how modern enterprises are struggling to protect expanding and increasingly hybrid IT environments.
Cloud: A Persistent and Growing Challenge
Despite years of adoption, cloud security remains deeply challenging, with 64% of organizations ranking it among their top five security concerns—and 17% placing it as their top concern overall. Cloud environments are now home to over 40% of sensitive enterprise data, yet only a small proportion is fully encrypted, the study reveals.
Further compounding the issue, 55% of respondents say that cloud environments are harder to secure than on-premises infrastructure—a rise of 4 percentage points from 2024. This is largely attributed to the growing use of multiple cloud providers (average of 2.1 per enterprise) and a surge in SaaS adoption, now averaging 85 applications per organization.
The result is what experts call security tool sprawl:
- 61% of organizations use 5 or more tools for data discovery and classification
- 57% manage 5 or more encryption key platforms
This fragmentation poses significant challenges in policy enforcement, access control, and incident response.
Human Error and Access-Based Attacks Lead Risk Landscape
Security leaders continue to cite human error as a persistent threat in cloud security, from misconfigured storage buckets to weak credentials. The study found that:
- 68% of organizations report rising access-based attacks, such as credential theft
- 85% admit that at least 40% of their cloud data is sensitive, yet only 66% have deployed multi-factor authentication (MFA)
These figures suggest a dangerous gap between data sensitivity and protection practices, leaving organizations exposed to both internal and external threats.
AI Projects Add New Security Pressure
The adoption of AI projects—most of which operate in cloud environments—has intensified security demands. These projects often involve large-scale data access, heightening risks and creating new attack surfaces.
“The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale,” said Sebastien Cano, SVP of Cyber Security Products at Thales.
“To remain resilient, organizations must embed strong data protection into the core of their digital infrastructure.”
What’s Next for Enterprise Security?
The report calls for streamlined security operations, improved access controls, and a reduction in tool complexity as key steps toward resilience. It also urges organizations to prioritize encryption, zero trust frameworks, and cloud-native security practices in tandem with their AI development roadmaps.
To explore the findings in detail, the full report and an accompanying webinar hosted by Chief Analyst Eric Hanselman are available through Thales and S&P Global Market Intelligence.
As enterprises navigate an increasingly digital and AI-driven world, securing the cloud and AI ecosystems will define the next frontier in cybersecurity.