64% of organizations ranked cloud security among their top five concerns, and 17% identified it as their number one priority. These numbers make cloud security one of the most urgent cybersecurity issue of 2025
The 2025 Thales Global Cloud Security Study reveals that although cloud security is widely acknowledged as the most urgent cybersecurity challenge, it still receives insufficient attention and protection.
Cloud ranked in list of concern
According to the Thales report, 64% of organisations ranked cloud security among their top five concerns, and 17 % identified it as their number one priority. These numbers make cloud security one of the most urgent cybersecurity issue of 2025.
But here’s the kicker: despite this recognition, organisations are struggling to secure their cloud environments, and in many cases, are actively falling behind.
Vast Data has less protection
The report reveals that 85% of organizations now store 40% or more of their sensitive data in the cloud. That includes customer information, health records, trade secrets, anything that could ruin a company or hurt individuals if exposed.
Yet only 8% of respondents encrypt more than 80% of their cloud data. That means in most cases, even highly sensitive information can be accessed if the wrong person gains entry.
Only 65% of companies use multifactor authentication (MFA) to control access to cloud systems, leaving many vulnerable to the simplest type of breach: stolen passwords.
Third party risk or human error remains the leading cause of cloud breaches. Misconfigured settings, forgotten credentials, and poorly secured APIs can all act as open doors.
Even though 68% of respondents reported a rise in attacks using stolen credentials or secrets, protections against such breaches remain inconsistent. This gap between awareness and action continues to put sensitive data at risk.
Complexity in cloud
One reason cloud security is so hard to manage is the complexity.
The average enterprise today uses:
- 2.1 public cloud providers
- 85 different SaaS (Software as a Service) applications
- 5 or more tools for data discovery or classification
- 5 or more separate systems just to manage encryption keys
That’s a tangled web for even the most skilled IT teams to manage. As Sebastien Cano, Thales’ Senior VP for Cyber Security Products, bluntly put it: “Security strategies haven’t kept pace with adoption.”
AI cloud
Adding to the burden is the surge in AI adoption. Training large language models or deploying AI-driven analytics often requires massive volumes of cloud-stored data.
Yet 52% of organisations now admit AI security spending is cutting into traditional cybersecurity budgets. That means, in many cases, protecting the infrastructure is taking a backseat to chasing the promise of AI.
