Thales 2025 Global Cloud Security Study Reveals Organisations Struggle to Secure Expanding, AI-Driven Cloud Environments

52% report AI security spending is displacing traditional security budgets. 55% report cloud environments are more complex to secure than on-premises infrastructure. Enterprises now use an average of 85 SaaS applications, contributing to security tool sprawl

Date:

New Delhi: Thales, a global leader in technology and cybersecurity, June 30 released the findings of its 2025 Cloud Security Study conducted by S&P Global Market Intelligence 451 Research, revealing that AI-specific security has rapidly emerged as a top enterprise priority, ranking second only to cloud security. Over half (52%) of respondents said they are prioritising AI security investments over other security needs, signaling a shift in how organisations are allocating budgets in response to the accelerated adoption of AI. This year’s research captures perspectives on cloud security challenges from nearly 3,200 respondents in 20 countries across a variety of seniority levels.

Cloud remains at the forefront of security considerations

Cloud is now an essential part of modern enterprise infrastructure, but many organisations are still building the skills and strategies needed to secure it effectively. The variability of controls across cloud providers, combined with the distinct mindset required for cloud security, continues to challenge security teams. This pressure is only increasing as AI initiatives drive more sensitive data into cloud environments, amplifying the need for robust, adaptable protections.

ads

This year’s Thales Cloud Security Study confirms that cloud security remains a top concern for enterprises worldwide. Nearly two-thirds (64%) of respondents ranked it among their top five security priorities, with 17% identifying it as their number one. Security for AI, a new addition to the list of spending priorities this year, ranked second overall, highlighting its growing importance. Despite sustained investment, cloud security remains a complex, persistent challenge that goes beyond technology to include staffing, operations, and the evolving threat landscape.

“The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale,” Sebastien Cano, Senior Vice President, Cyber Security Products at Thales, said. “With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it’s clear that security strategies haven’t kept pace with adoption. To remain resilient and competitive, organisations must embed strong data protection into the core of their digital infrastructure.”

The average number of public cloud providers per organisation has risen to 2.1, with most also maintaining on-prem infrastructure. This growing complexity is driving security challenges with 55% of respondents reporting that cloud is harder to secure than on-prem, a 4-percentage-point increase from last year. As organisations expand through growth or M&A, they’re also seeing a surge in SaaS usage, now averaging 85 applications per enterprise, complicating access control and data visibility.

This complexity extends to security operations, with many teams struggling to align policies across varied platforms. The study found that 61% of organisations use five or more tools for data discovery, monitoring, or classification, and 57% use five or more encryption key managers.

big bang

Attacks target cloud resources with human error remaining a top vulnerability

Cloud infrastructure is a prime target for attackers as organisations continue to struggle with securing increasingly complex environments. According to the 2025 Thales Cloud Security Study, four of the top five most targeted assets in reported attacks are cloud-based. The rise in access-based attacks, as reported by 68% of respondents, underscores growing concerns around stolen credentials and insufficient access controls. Meanwhile, 85% of organisations say at least 40% of their cloud data is sensitive, yet only 66% have implemented multifactor authentication (MFA), leaving critical data exposed. Compounding the issue, human error remains a major contributing factor in cloud security incidents, from misconfigurations to poor credential management.

“A rising number of respondents report challenges in securing their cloud assets, an issue that is further amplified by the demands of AI projects that often operate in the cloud and require access to large volumes of sensitive data,” Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said. “Compounding this issue, four of the top five targeted assets in reported attacks are cloud-based. In this environment, strengthening cloud security and streamlining operations are essential steps toward enhancing overall security effectiveness and resilience.”

huges

More like this

SCD Israel Receives New Order for Sparrow MWIR Detectors

Tel Aviv: Israeli company SCD, specialising in the development...

Roboteam Launches Centralised Command-and-Control Platform Roboteam HUB

Tel Aviv: Israeli company Roboteam, a developer and manufacturer...

Proud Moment for GRSE: Second ASW SWC INS Androth Gets Commissioned Into Navy

Kolkata/Visakhapatnam: INS Androth – second in a series of...

Thrustworks Dynetics Secures Strategic Investment to Advance Next-Generation Rocket Propulsion Systems

Mumbai | Pune – Thrustworks Dynetics (TWD), a propulsion...

Sir Creek – The New Conflict Zone: Implications For National Security

On October 2, 2025, at a military base in...

Indian Navy Set to Commission Second ASW-SWC Androth – A Steady March With New Indigenous Inductions

Visakhapatnam: The Indian Navy is set to commission Androth,...

Exercise Konkan – 2025 Commences on the Western Seaboard

New Delhi: Indian Navy and Royal Navy bilateral Exercise...

Trump’s South Asia Ploy: Woo Pakistan, Use Bangladesh, Weaken India

Trump administration’s deepening of engagement with Pakistan and Bangladesh...
Indian Navy Special EditionLatest Issue