Thales releases 2025 cloud security study: AI security emerges as a leading priority

Thales, a global provider of technology and cybersecurity, has today published the findings of its 2025 Cloud Security Study, conducted by S&P Global Market Intelligence’s 451 Research. The study reveals that security specific to artificial intelligence (AI) has rapidly become a key priority for enterprises, second only to cloud security. More than half (52%) of respondents indicated that they are prioritising AI security investments over other areas, reflecting a significant shift in how organisations are allocating security budgets in response to the rapid adoption of AI technologies.This year’s research draws on insights from nearly 3,200 respondents across 20 countries, encompassing a broad range of roles and seniority levels.

Cloud remains central to security strategies

Cloud infrastructure continues to be an essential component of modern enterprise IT. However, many organisations are still developing the capabilities and strategies required to secure these environments effectively. Security teams face ongoing challenges due to the variation in controls between cloud providers and the different mindset required for managing cloud security. These challenges are further exacerbated as AI initiatives introduce more sensitive data into cloud ecosystems, increasing the need for flexible, robust security measures.

The 2025 Thales Cloud Security Study confirms that cloud security remains a top concern for organisations globally. Nearly two-thirds (64%) of respondents placed it among their top five security priorities, with 17% citing it as their highest priority. AI security, included as a spending priority for the first time this year, ranked second overall, underscoring its growing relevance. Despite sustained investment, cloud security remains a multifaceted challenge, involving not only technology but also staffing, operations, and the constantly evolving threat landscape

“The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale,” said Sebastien Cano, Senior Vice President, Cyber Security Products at Thales. “With over half of cloud data now classified as sensitive,and yet only a small fraction fully encrypted, it’s clear that security strategies have not kept pace with adoption. To stay resilient and competitive, organisations must embed strong data protection at the core of their digital infrastructure.”

The average number of public cloud providers used by organisations has increased to 2.1, with most also maintaining on-premises infrastructure. This growing complexity is contributing to security difficulties; 55% of respondents said cloud environments are harder to secure than on-premise ones, up four percentage points from the previous year. Expansion through mergers, acquisitions, or organic growth is also driving increased use of SaaS applications, with enterprises now averaging 85 such tools. This trend is further complicating data visibility and access control.

Operational complexity is also a significant concern, with many organisations struggling to enforce consistent policies across diverse platforms. The study found that 61% of respondents use five or more tools for data discovery, monitoring, or classification, and 57% rely on five or more encryption key managers.

Cloud remains a target as human error persists

As organisations face increasing complexity in their cloud environments, attackers continue to target these resources. According to the study, four of the five most targeted assets in reported attacks are cloud-based. The rise in access-related attacks, reported by 68% of respondents, reflects growing concerns over stolen credentials and inadequate access controls. Despite 85% of organisations stating that at least 40% of their cloud data is sensitive, only 66% have implemented multifactor authentication (MFA), leaving significant amounts of data exposed.

Human error remains a leading cause of cloud security incidents, from misconfigurations to weak credential management,“A rising number of respondents report challenges in securing their cloud assets, an issue intensified by the demands of AI projects, which frequently operate in the cloud and involve large volumes of sensitive data,” said Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research. “Compounding this, four of the top five targeted assets in reported attacks are cloud-based. In this context, strengthening cloud security and streamlining operations are critical to enhancing overall resilience and security effectiveness.”