Thales_LOGO_RGB
EXN_Logo_white

Thales Data Threat Report 2026

AI as the Most Common “Internal” Security Risk

Thales recently published the Data Threat Report 2026, a report that focuses on the complex decisions organizations must make in order to drive innovation while also protecting their most valuable resource - data.

AI Is Now the #1 Internal Data Security Risk

Innovation vs. Security

Organizations are under increasing pressure to support AI-driven innovation. For AI systems to deliver value, they need access to large volumes of often sensitive information.
 
Security teams must ensure that data remains accessible for business needs while also being properly protected and compliant with regulations. As a result, establishing strong and secure data management practices has become a critical priority for modern organizations.

AI Is Reshaping the Security Landscape

Around 70% of organizations say that the speed at which the AI ecosystem is evolving is their biggest challenge. As AI continues to advance, it is dramatically increasing the volume of data being accessed.

The traditional boundaries between human users and machines are starting to blur, creating new security and governance challenges. Because of this shift, organizations urgently need to modernize their approach to identity management, access controls, and authorization models.

Cloud and Complexity

Cloud environments have become the most frequently targeted attack vector for cyber threats. Both cloud applications and the underlying cloud infrastructure are at risk.
 
These risks are further intensified by the growing complexity of modern IT environments. Many organizations rely on fragmented security tools, lack unified visibility across their systems, and operate in complex hybrid environments that are difficult to manage. As a result, a significant number of organizations do not have a clear or complete understanding of their overall security posture.

Visibility Gaps

Only about half of organizations have a complete understanding of where all their data is stored. Less than half of the data stored in cloud environments is properly encrypted.
 
Many teams also lack essential tools and processes, such as data classification frameworks, clear visibility into how data is being used, and control over the flow of sensitive information. This lack of visibility directly weakens their ability to protect critical data and increases the risk of security incidents.

Encryption and Identity Management

Identity and access management (IAM), encryption, and key management are foundational pillars of data protection. When implemented effectively, these measures help prevent unauthorized access and reduce the risks.
 
However, many organizations still fall short in this area. A significant number lack full encryption coverage for their sensitive data, and they often have limited visibility into their encryption keys, leaving critical information exposed to potential threats.

The Quantum Threat

A new type of cyberattack, known as “Harvest Now, Decrypt Later” (HNDL), is beginning to emerge. In these attacks, cybercriminals collect encrypted data today with the intention of decrypting it later, once quantum computers become powerful enough to break traditional encryption methods.
 
Organizations must start future-proofing their encryption strategies now to ensure their sensitive information remains secure in the quantum era.

Data-Driven Marketing

Data Security Maturity Is Still Low

  • Incomplete data visibility
  • Weak encryption adoption
  • Poor secrets management

These weaknesses leave organizations vulnerable to a growing range of threats, including attacks driven by AI and automated exploitation techniques.

2026-thales-data-threat-report-bigtn
Get the Thales Data Threat Report 2026

What Organizations Must Do Next

To address these challenges, organizations need to implement a modern data security framework. This should include identity-first security models, strong access governance, end-to-end encryption, and robust cloud security controls.

Have more questions? Contact our Thales team