Thales 2025 Cloud Security Study warns AI and cloud adoption outpace protection

Thales’ 2025 study finds cloud and AI security lagging behind adoption. With rising SaaS sprawl and access attacks, organisations face growing risks from missteps, weak controls and fragmented security tools.

author-image
DQC Bureau
New Update
Cloud security and AI protection collide as organisations fall behind, Thales study warns

Thales 2025 Cloud Security Study warns AI and cloud adoption outpace protection

Organisations worldwide are doubling down on cloud and AI, but their security strategies are lagging. That’s the blunt takeaway from the 2025 Global Cloud Security Study by Thales, conducted in partnership with S&P Global Market Intelligence’s 451 Research.

Advertisment

The research, based on insights from nearly 3,200 professionals across 20 countries, paints a worrying picture: while adoption of cloud and AI technologies is accelerating, the ability to secure them isn’t keeping pace.

AI moves up the security food chain

AI-specific security, once a niche concern, is now front and centre. It’s climbed to second place in global enterprise security priorities, just behind cloud security. More than half (52%) of respondents said they are prioritising AI-related security spend over other areas.

Advertisment

This reflects a clear shift in enterprise posture. As AI tools ingest and generate sensitive data at scale, organisations are waking up to the new risk vectors these systems introduce, especially when deployed in multi-cloud environments.

The study underscores a harsh reality: cloud is no longer optional, but it’s still hard to secure.

Nearly two-thirds (64%) of those surveyed listed cloud security among their top five concerns. One in six said it was their number one worry. Despite this awareness, challenges persist.

Advertisment

Some of the standout findings:

  • 55% say securing cloud infrastructure is harder than on-prem—up from last year.

  • The average organisation now uses 2.1 public cloud providers, alongside on-prem setups.

  • SaaS usage has spiked to an average of 85 applications per enterprise.

  • 61% are juggling five or more tools just to discover, classify or monitor cloud data.

  • 57% rely on five or more encryption key management systems.

This tool sprawl is a red flag. It introduces gaps, increases costs and makes consistent policy enforcement nearly impossible, especially when dealing with dynamic cloud environments.

Advertisment

Cloud resources are now among the top targets for cyberattacks. Four of the five most-attacked assets reported in the study are cloud-based.

Access-based attacks are spiking, too. A worrying 68% of respondents say these are on the rise, driven by credential theft and loose access controls.

What’s even more alarming?

Advertisment
  • 85% say at least 40% of their cloud data is sensitive.

  • But only 66% have implemented multi-factor authentication (MFA).

That’s a wide security gap. And it’s not always about sophisticated threats—human error still plays a huge role. Misconfigured services. Over-provisioned access. Weak passwords. These are the classic mistakes that continue to open the door to attackers.

Sebastien Cano, SVP, Cyber Security Products Thales, says

Advertisment

 “The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale. With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it’s clear that security strategies haven’t kept pace with adoption”.

What emerges is a picture of fragmented security. Teams are struggling to integrate policies across platforms, align tools, and maintain visibility in real time.

Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, summed it up:
“A rising number of respondents report challenges in securing their cloud assets, an issue that is further amplified by the demands of AI projects that often operate in the cloud and require access to large volumes of sensitive data. In this environment, strengthening cloud security and streamlining operations are essential steps toward enhancing overall security effectiveness and resilience.”

Advertisment

Enterprises aren’t short on cloud ambition. Nor are they ignoring AI. But the Thales 2025 study makes it clear—they’re underestimating the complexity and scale of what it takes to secure them.

As cloud workloads balloon and AI-driven data flows expand, the pressure is now on CISOs and security teams to rethink architecture, tighten controls, and reduce tool clutter. Because in this new hybrid era, it’s not just about what’s in the cloud. It’s about how secure it truly is. 

Read more : 

Navigating Cloud Cost, Compliance, and AI: Guiding Indian SMBs & Enterprises

Tenable report flags AI cloud workloads as rising security blind spots

The Future of Indian Tech Startups: Predictions Shaped by 2025’s Emerging Trends

Supervity introduces B2A framework to replace legacy RPA with AI agents