Mounting GenAI Cyber Risks Spur Investment in AI Security – Source: www.infosecurity-magazine.com

Around three-quarters (73%) of organizations are investing in AI-specific security tools, amid growing concern about GenAI cyber risks, according to Thales 2025 Data Threat Report.

This investment comes either through new budgets or by reallocating existing resources.

Over two-thirds have acquired such tools from their cloud providers, three in five are leveraging established security vendors and around half are turning to new or emerging startups.

Additionally, security specifically for AI has risen to the second highest security spending priority, behind cloud security.

Nearly 70% of IT and security professionals surveyed cited the rapidly changing GenAI ecosystem as the most concerning security risk for adoption of this technology.

This changing ecosystem includes new infrastructures, SaaS services and autonomous agents.

Other prominent security concerns related to GenAI cited by respondents are lack of integrity (64%) and trustworthiness (57%).

These concerns come amid a significant growth in GenAI use in businesses, with one-third of organizations stating that they are in the ‘integration’ or ‘transformation’ phase of integration.

Eric Hanselman, Chief Analyst at 451 Research, who conducted the research, commented: “The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution, as they race to stay ahead of the adoption curve. Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the rapid spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk.”

Half of Organizations Hit by a Data Breach

The report found that 45% respondent enterprises have experienced a data breach. This represents a slight fall from 49% in 2024.

Thales noted that there has been a gradual downward trend in organizations affected by a breach since 2021, when it was 56%.

Read now: Over 40% of UK Businesses Faced Cybersecurity Breaches in 2024

Just 14% of organizations reported a breach in the past 12 months, which compares to 15% a year ago.

The report also highlighted a notable link between compliance achievement and breach occurrence.

In 2025, 78% of enterprises that failed compliance audits had a breach history, versus 21% of those that passed compliance.

The top three attack types observed in the past year were malware, phishing and ransomware.

Encouragingly, the survey identified that a significant number of organizations are investing in stronger authentication methods, moving away from passwords.

Nearly 60% of respondents reported using biometrics, while 47% use passwordless authentication like passkeys.

Such solutions are effective at preventing account compromise attacks such as phishing and credential stuffing.

The report surveyed over 3000 IT and security professionals in 20 countries across 15 industries.