Mar 2
/
Latest News
Unencrypted Cloud Data and Automated Risks Surging in 2026
The 2026 Thales Data Threat Report has revealed a jarring disconnect between the rapid adoption of artificial intelligence and the foundational security measures required to protect corporate information.
According to the study, which surveyed 3,120 security and IT professionals worldwide in partnership with S&P Global 451 Research, a staggering 47% of sensitive cloud data remains unencrypted. This lack of protection persists even as 70% of organizations now rank AI as their primary data security risk. The central concern highlighted by the report is not necessarily "rogue" technology, but the excessive level of trust companies are placing in automated systems. Sébastien Cano, senior vice president of cloud protection and licensing at Thales, noted that insider risk has evolved to include automated systems that are often trusted too quickly. When encryption and access policies are weak, AI can amplify those vulnerabilities across an enterprise at a speed no human could match.
This vulnerability is compounded by significant blind spots in data management; currently, only 34% of organizations know where all their data resides, and just 39% are capable of fully classifying it. As AI tools are integrated into workflows and customer service, they are frequently granted broad access to these unclassified and unencrypted datasets, often with fewer restrictions than human employees. This environment makes identity systems a prime target, with 67% of respondents citing credential theft as the leading attack technique against cloud infrastructure. Consequently, 52% of IT professionals now identify identity and access management as their most pressing security priority.
The threat landscape is also being reshaped by external actors using AI for malicious purposes. Nearly 60% of companies reported experiencing deepfake-driven incidents, while 48% suffered reputational damage due to AI-generated misinformation or impersonation. Despite these evolving, "machine-speed" threats, corporate investment is failing to keep pace. Only 30% of companies have established a dedicated budget for AI security, leaving the majority to fight automated 2026 threats with legacy programs designed for human users and traditional office perimeters. Eric Hanselman, chief analyst at S&P Global 451 Research, emphasized that continuous data visibility and protection are no longer optional, urging organizations to treat data security as a foundation for innovation rather than an afterthought. Ultimately, the report concludes that AI is not replacing existing threats but accelerating them, warning that without stronger encryption and identity governance, the very systems trusted to drive efficiency may become an enterprise's most powerful risk multipliers.
According to the study, which surveyed 3,120 security and IT professionals worldwide in partnership with S&P Global 451 Research, a staggering 47% of sensitive cloud data remains unencrypted. This lack of protection persists even as 70% of organizations now rank AI as their primary data security risk. The central concern highlighted by the report is not necessarily "rogue" technology, but the excessive level of trust companies are placing in automated systems. Sébastien Cano, senior vice president of cloud protection and licensing at Thales, noted that insider risk has evolved to include automated systems that are often trusted too quickly. When encryption and access policies are weak, AI can amplify those vulnerabilities across an enterprise at a speed no human could match.
This vulnerability is compounded by significant blind spots in data management; currently, only 34% of organizations know where all their data resides, and just 39% are capable of fully classifying it. As AI tools are integrated into workflows and customer service, they are frequently granted broad access to these unclassified and unencrypted datasets, often with fewer restrictions than human employees. This environment makes identity systems a prime target, with 67% of respondents citing credential theft as the leading attack technique against cloud infrastructure. Consequently, 52% of IT professionals now identify identity and access management as their most pressing security priority.
The threat landscape is also being reshaped by external actors using AI for malicious purposes. Nearly 60% of companies reported experiencing deepfake-driven incidents, while 48% suffered reputational damage due to AI-generated misinformation or impersonation. Despite these evolving, "machine-speed" threats, corporate investment is failing to keep pace. Only 30% of companies have established a dedicated budget for AI security, leaving the majority to fight automated 2026 threats with legacy programs designed for human users and traditional office perimeters. Eric Hanselman, chief analyst at S&P Global 451 Research, emphasized that continuous data visibility and protection are no longer optional, urging organizations to treat data security as a foundation for innovation rather than an afterthought. Ultimately, the report concludes that AI is not replacing existing threats but accelerating them, warning that without stronger encryption and identity governance, the very systems trusted to drive efficiency may become an enterprise's most powerful risk multipliers.
Executive IT Forums, Inc.
Educational Programs on Information Technology, Governance, Risk Management, & Compliance (GRC).
Our Newsletter
Get regular updates on CPE programs, news, and more.
Thank you!
Copyright © 2026 Executive IT Forums, Inc. All Rights Reserved.
Get started
Let us introduce our school
Write your awesome label here.