a day ago
85% of tech firms store sensitive data in the Cloud, only 8% encrypt it properly
64% of organisations ranked cloud security among their top five concerns, and 17 per cent identified it as their number one priority. These numbers make cloud security one of the most urgent cybersecurity issue of 2025 read more
Imagine storing your entire life in a digital locker– photos, emails, financial records, work files– and then handing over the keys to someone else. That, in essence, is what millions of businesses around the world do every day when they move their operations to the cloud.
But here's the problem: even though the cloud is now the backbone of modern life and work, the security protecting it remains worryingly thin.
The 2025 Thales Global Cloud Security Study reveals that although cloud security is widely acknowledged as the most urgent cybersecurity challenge, it still receives insufficient attention and protection.
STORY CONTINUES BELOW THIS AD
What Is the Cloud? And why should you care?
Think of the cloud as a global network of powerful computers that store, process, and deliver data through the internet. If you've used Google Drive, streamed Netflix, used Amazon Alexa recently, or accessed your office email remotely, you've used the cloud.
Now, scale that up to businesses, governments, hospitals, and banks. Almost everything we rely on, from airline reservations to medical records, is stored and managed in the cloud. And that's what makes cloud security everyone's business.
Cloud security tops the worry list (again)
According to the Thales report, 64 per cent of organisations ranked cloud security among their top five concerns, and 17 per cent identified it as their number one priority. These numbers make cloud security one of the most urgent cybersecurity issue of 2025.
But here's the kicker: despite this recognition, organisations are struggling to secure their cloud environments, and in many cases, are actively falling behind.
So much data, such little protection
The report reveals that 85 per cent of organisations now store 40 per cent or more of their sensitive data in the cloud. That includes customer information, health records, trade secrets, anything that could ruin a company or hurt individuals if exposed.
Yet only 8 per cent of respondents encrypt more than 80 per cent of their cloud data. That means in most cases, even highly sensitive information can be accessed if the wrong person gains entry.
And the gatekeeping? Often lacking. Only 65 per cent of companies use multifactor authentication (MFA) to control access to cloud systems, leaving many vulnerable to the simplest type of breach: stolen passwords.
Human error: The weakest link
While external threats like hackers and nation-state attackers dominate headlines, human error remains the leading cause of cloud breaches. Misconfigured settings, forgotten credentials, and poorly secured APIs can all act as open doors.
Even though 68 per cent of respondents reported a rise in attacks using stolen credentials or secrets, protections against such breaches remain inconsistent. This gap between awareness and action continues to put sensitive data at risk.
The complexity crisis
One reason cloud security is so hard to manage is the complexity.
The average enterprise today uses:
2.1 public cloud providers
85 different SaaS (Software as a Service) applications
5 or more tools for data discovery or classification
5 or more separate systems just to manage encryption keys
That's a tangled web for even the most skilled IT teams to manage. As Sebastien Cano, Thales' Senior VP for Cyber Security Products, bluntly put it: 'Security strategies haven't kept pace with adoption.'
AI: The new cloud strain
Adding to the burden is the surge in AI adoption. Training large language models or deploying AI-driven analytics often requires massive volumes of cloud-stored data.
Yet 52 per cent of organisations now admit AI security spending is cutting into traditional cybersecurity budgets. That means, in many cases, protecting the infrastructure is taking a backseat to chasing the promise of AI.
STORY CONTINUES BELOW THIS AD
This shift creates an uncomfortable scenario: organisations are moving faster into AI-powered cloud solutions while their basic security posture remains dangerously underdeveloped.
Digital sovereignty and data location worries
With regulations tightening globally, concerns about where data is stored are growing. But for many companies, compliance is only part of the picture. 33 per cent said the main reason for pursuing digital sovereignty is ensuring portability—the ability to move workloads across borders or providers.
However, only 42 per cent believe encryption and key management alone are enough to meet sovereignty goals, suggesting even the technical solutions are not widely trusted or properly implemented.
&w=3840&q=100)
