Organisations prioritise AI security as GenAI adoption accelerates
The report, produced in partnership with S&P Global Market Intelligence 451 Research, is based on a survey of over 3,100 IT and security professionals across 20 countries and 15 industries. It highlights that, beyond the speed of AI development, 64% of respondents cited concerns around AI integrity, while 57% pointed to questions regarding the trustworthiness of these technologies.
The survey results reflect a significant shift in how organisations are engaging with generative AI, with one third of respondents indicating that it is either being integrated or is actively transforming their operations. According to the report, as agentic AI increases in prominence and is relied upon to make decisions and generate content, the overall quality and sensitivity of data involved becomes ever more crucial to ensure sound outputs and organisational security.
The research found that organisations are moving from experimenting with GenAI to operational deployment. However, this transition brings greater security risks. The findings suggest that many organisations are not waiting to secure their systems or fully optimise their technology stacks prior to implementing GenAI, potentially exposing themselves to vulnerabilities.
Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, commented, "The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution, as they race to stay ahead of the adoption curve. Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the rapid spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk."
With the growing recognition of the risks associated with AI, 73% of surveyed organisations report investing in AI-specific security tools—either by allocating new budgets or by adjusting existing ones. Security for generative AI has become the second highest priority for IT security spending, second only to cloud security, the report found. Organisations are adopting a range of solutions: more than two-thirds have obtained tools from cloud providers, three in five are employing established security vendors, and nearly half are considering options from start-up firms.
This year's report also tracks a modest reduction in the rate of data breaches. In 2021, 56% of organisations surveyed reported having experienced a breach, but this has declined to 45% in 2025. The share of organisations reporting a breach in the preceding 12 months has dropped from 23% in 2021 to 14% in 2025, according to the survey data.
In terms of threats, malware remains the most prevalent attack method since 2021, while phishing has moved to second place, surpassing ransomware, which now ranks third. When analysing threat actors, external sources—namely hacktivists and nation-state actors—are reported as most concerning. Human error, though still significant, has dropped to third position in perceived threat sources.
Quantum computing was identified as a further emerging concern, with 63% of respondents pointing to the potential risk that quantum technologies could eventually compromise both current and future encryption standards. There is also anxiety around key distribution vulnerabilities (cited by 61%) and the "harvest now, decrypt later" threat (raised by 58%), whereby intercepted encrypted data might be decrypted at a future date when quantum resources become more widely available.
In response, half of the organisations surveyed are currently evaluating their encryption strategies to address quantum risks, and 60% are either prototyping or assessing post-quantum cryptography solutions. Only a third reported relying on their telecommunications or cloud providers to facilitate the transition to post-quantum security standards.
Todd Moore, Global Vice President, Data Security Products at Thales, said, "The clock is ticking on post-quantum readiness. It's encouraging that three out of five organisations are already prototyping new ciphers, but deployment timelines are tight and falling behind could leave critical data exposed. Even with clear timelines for transitioning to PQC algorithms, the pace of encryption change has been slower than expected due to a mix of legacy systems, complexity, and the challenge of balancing innovation with security."
The 2025 Thales Data Threat Report concludes that, while improvements in security postures are evident, further steps are necessary to adapt operational data security measures for evolving technologies such as generative AI and to mitigate risks around the adoption of emerging technology across industries.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
an hour ago
- Techday NZ
Transcend launches AI tools for compliance with data privacy laws
Transcend has launched two new AI governance tools, "Do Not Train" and "Deep Deletion," aimed at providing B2B AI companies with enhanced data privacy controls. The tools address specific privacy concerns among organisations using artificial intelligence, particularly around the use and deletion of customer data. These concerns have become prominent as enterprises increasingly demand proof that their data is not being improperly used for model training and is deleted in compliance with regulatory requirements. AI data use controls Transcend's "Do Not Train" feature gives AI developers the ability to guarantee on a record-level basis that particular customer data will not be utilised for model training or development. This solution satisfies both user preferences and the contractual obligations often required in enterprise agreements. The second tool, Deep Deletion, enables companies to identify and permanently erase customer data from their data systems. It also provides verifiable documentation that the deletion has occurred, meeting increasing demands from regulators for proof of data erasure. Together, these mechanisms allow AI companies to exercise full lifecycle governance over customer data - preventing non-compliant information from entering AI models and ensuring data can be reliably purged if required by contract or law. With regulation such as the General Data Protection Regulation (GDPR), the EU AI Act, and varying state privacy and AI statutes, there is growing pressure on AI vendors not only to provide opt-outs for training data but also to produce audit-ready confirmation of deletion. Vendors failing to provide these assurances may risk losing enterprise customers or running afoul of new legal frameworks. Industry adoption Transcend reports that its tools are already deployed by some of the world's largest AI companies, collectively processing over two hundred million workflows to date. This indicates broad uptake among vendors providing enterprise-grade AI services. "We've seen firsthand that enterprise AI contracts hinge on a vendor's ability to prove both 'Do Not Train' compliance and true data deletion," said Ben Brook, Co-Founder and Chief Executive Officer of Transcend. "These capabilities are already helping AI-Native industry leaders land enterprise customers - and now we're scaling them to power the next wave of responsible AI adoption." The infrastructure underpinning these controls works in real-time, enforcing compliance directly within data systems. This approach is designed to ensure that a company's data processing activities remain aligned with privacy commitments and regulatory obligations, eliminating the need for manual oversight. Market context The expansion of Transcend's governance tools comes as more organisations are scrutinised over their handling of training data. The EU AI Act, along with ongoing shifts in state and international privacy regulations, has heightened expectations for transparency in data management, specifically around AI model development and data deletion. Industry observers note that providing robust data governance is increasingly considered a competitive differentiator for vendors seeking to acquire or retain enterprise customers. The demand for audit-ready compliance and demonstrable action on data privacy is anticipated to continue rising as regulations evolve. Transcend's new offerings position the company to cater to these needs by supplying vendors with the ability to offer proof of their data handling practices during contract negotiations and regulatory reviews. The company's solutions are designed to replace manual processes with automation, aiming for continual adherence to privacy requirements as enterprise adoption of AI expands. Follow us on: Share on:
NZ Herald
an hour ago
- NZ Herald
NZ sharemarket continues momentum as Skellerup posts strong result
'The OCR [Official Cash Rate] decision yesterday, the lower forecast track and the signal of more cuts has put a bit of a rocket under the New Zealand market,' Lister said. 'While the economy isn't as far from firing on all cylinders, businesses are certainly in better spirits than they were. 'The reporting season is pointing to us having stabilised and passed the worst, and you're actually seeing the odd good result come out.' Skellerup's full-year result was followed by a share price rally of 6.38% or 30c to $5.00 after 380,365 shares changed hands on turnover worth $1.899m. The Red Band gumboot maker said it had made $54.5m in profit after tax, with earnings before interest and tax of $78m. Its profit was in line with expectations, falling in the middle of the $52m to $56m range flagged in July. Lister said Skellerup's outlook statement was positive, pointing to an acceleration in revenue over the next one to three years. Auckland International Airport also reported its full-year results, with a 'solid' net profit after tax up 12% to $310.4m. Its share price fell 0.64% or 5c to $7.75 on turnover worth $11.7m. Lister said the result was nothing of concern, but also nothing to get excited about. 'The result was largely in line with expectations, no real surprises. The outlook was maybe a little on the cautious side to 2026. 'Guided to net profit after tax [npat] of $300m, give or take, I think markets we're expecting north of $300m. They might still actually do better than they're suggesting, but [it is] just a bit of a cautious commentary.' The market's biggest stock, Fisher & Paykel Healthcare, also gave guidance on its first half at its annual meeting. The company's outlook for the full year remains unchanged, with operating revenue in the range of about $2.15 billion to $2.25b and net profit in the range of about $390m to $440m. 'They're clearly trading better than where people expected them to be at this point through the year. It wasn't so much the guidance, it was more the 'here's how we've gone so far this financial year' that they looked quite positive.' Fisher & Paykel Healthcare's share price rose 2.12% or 80c to $38.45 on turnover worth $10.8m. US stocks closed mostly lower on Wednesday local time as the tech sector remained under pressure, while investors kept an eye on retail earnings and weighed the prospect of US Federal Reserve interest rate cuts. The broad-based S&P 500 Index slid 0.2% to 6395.78, while the tech-focused Nasdaq Composite Index declined 0.7% to 21,172.86. The Dow Jones Industrial Average was flat at 44,938.31. The tech pullback comes as markets reached a point where many stocks 'were overbought' after soaring to record highs in recent weeks, Tim Urbanowicz of Innovator Capital Management said. 'But we still view the long-term trend [as] intact,' he said. Among major tech companies, Nvidia shares lost 0.1% and Advanced Micro Devices pulled back 0.8%. Broadcom fell 1.3%. – Additional reporting AFP Tom Raynel is a multimedia business journalist for the Herald, covering small business, retail and tourism.
Techday NZ
an hour ago
- Techday NZ
ISACA unveils AI security credential to boost cyber expertise
ISACA has launched a new AI-centred security management certification for cybersecurity professionals. The new Advanced in AI Security Management (AAISM) credential is now available to Certified Information Security Managers (CISM) and Certified Information Systems Security Professionals (CISSP), the organisation has confirmed. This development comes as ISACA's latest AI Pulse Poll shows that 95 percent of digital trust professionals are concerned that generative AI will be exploited by malicious actors. The use of AI in business operations across sectors has led to heightened cyber threats and an increased demand for skilled security professionals capable of managing and protecting AI systems. The AAISM certification is intended to enable security professionals to implement enterprise AI solutions while identifying, assessing, monitoring and mitigating associated risks. It is the first credential of its kind offered by ISACA and has been designed to provide a comprehensive learning path across three core domains: AI governance and programme management, AI risk management, and AI technologies and controls. Eligibility for the AAISM is limited to professionals who already hold either a CISM or CISSP. ISACA outlined that the credential builds upon the security management best practices from these certifications, with a specific focus on the threat landscape related to AI. This approach aims to help professionals manage risk profiles and leverage AI within security operations effectively. Exam preparation materials for the AAISM are available in both digital and print formats, including an official review manual, an online review course, and an extensive database of questions, answers, and explanations. Access to these learning options is provided for one year, allowing candidates sufficient time to prepare for the examination. AI risk skills "The AAISM credential validates information security managers' commitment to elevating their expertise and proving they are attuned to how AI is reshaping enterprise security," said Goh Ser Yoong, Head of Compliance, and member of the ISACA Emerging Trends and IT Risk Advisory Working Groups. "AAISM's synergy with existing, award-winning security credentials with a focus on AI is a key differentiator that will equip security leaders to excel and grow their careers in this dynamic security landscape." The AAISM is positioned for professionals with proven experience in security or advisory roles, as well as those with some expertise in assessing, implementing and maintaining AI systems. Its content reflects the changing requirements for managing organisational security in an era where AI technologies are rapidly advancing. ISACA has been expanding its suite of AI-related courses and resources to meet demand, including recent course offerings on the AI threat landscape and ethical perspectives in AI. The AAISM joins the ISACA Advanced in AI Audit (AAIA) credential, which is available to audit professionals holding appropriate high-level audit certifications such as the Certified Information Systems Auditor (CISA). Supporting career progression "We're proud to be the leader in developing world-class AI-focused training and credentialing for professionals in IT audit and security," says Erik Prusch, ISACA CEO. "From a robust slate of courses and resources to the first advanced audit-specific AI certifications for experienced auditors and security managers, we are committed to finding groundbreaking ways to empower digital trust leaders to harness the transformative potential of artificial intelligence responsibly and effectively, while propelling their careers forward." The broader initiative from ISACA reflects ongoing industry requirements for digital trust professionals to keep pace with the increasing impact of AI. With its global membership, ISACA has developed the AAISM and associated materials to provide accessible pathways for professionals to validate their knowledge and skills in this developing field. Follow us on: Share on:
