Latest news with #GenAI-specific
Business Times
05-08-2025
- Business
- Business Times
Cybersecurity: a strategic investment in a dangerous, uncertain world
[SINGAPORE] As digital transformation accelerates, the need for cybersecurity has become more critical than ever. The rise of cloud-based services, advanced technologies such as generative artificial intelligence (GenAI), and intensifying geopolitical tensions have all contributed to a more complex and dangerous threat environment. Data from Check Point Research shows that the global average number of weekly cyberattacks per organisation has more than doubled from 818 in the second quarter of 2021 to 1,984 in Q2 2025. Data breaches have also become more costly, with the average cost climbing 26 per cent from US$3.9 million in 2020 to US$4.9 million in 2024. As threats intensify, businesses and governments are stepping up their cybersecurity spending. According to Grand View Research, the global cybersecurity market is projected to grow from US$245.6 billion in 2024 to US$500.7 billion by 2030, at a compound annual growth rate (CAGR) of 12.6 per cent. AI: threat and driver of cybersecurity demand The rise of GenAI is reshaping both the threat landscape and the demand for modern security solutions. Cybercriminals are now using large language models to research targets, craft highly convincing phishing messages, and write malicious code. Even more alarmingly, AI tools can create realistic deepfakes of voices and videos, which are increasingly used to defraud businesses. In Hong Kong last year, a financial worker at engineering firm Arup was deceived into transferring HK$200 million (S$32.8 million) to criminals during a video call populated entirely by deepfakes of senior executives. The advent of agentic AI adds a new layer of complexity to the threat landscape. Autonomous and adaptive in nature, AI agents can be used by attackers to bypass traditional defences more easily and enable even less-skilled threat actors to carry out highly effective and large-scale campaigns. BT in your inbox Start and end each day with the latest news stories and analyses delivered straight to your inbox. Sign Up Sign Up As businesses themselves increasingly deploy AI agents to boost efficiency, they inadvertently introduce new security vulnerabilities. These agents can be manipulated through prompt injection attacks, where malicious prompts masquerade as legitimate commands, leading to the unintended disclosure of sensitive data or execution of harmful actions. These evolving threats are driving greater demand for advanced cybersecurity solutions. Identity security tools are becoming essential for managing not only human but also machine identities. Additionally, new GenAI-specific protections are emerging, such as prompt-level visibility features that monitor and block policy-violating prompts in real time. Meanwhile, the shortage of cybersecurity professionals is also fuelling demand for AI-powered automation tools that help analysts respond to threats faster and more effectively. Despite the escalating threat landscape, AI adoption in cybersecurity remains limited. A Ponemon Institute survey found that nearly 70 per cent of organisations are either not using AI at all or are doing so only to a limited extent. This highlights a significant, untapped opportunity for vendors capable of delivering effective AI-driven security solutions. Cybersecurity spending is resilient across economic cycles Cybersecurity is mission-critical; that does not change even in an economic downturn. A Q2 Morgan Stanley survey of chief information officers found that security software is considered the area least likely to face budget cuts if macroeconomic conditions worsen. This is unsurprising given that cyberthreats persist in any economic environment. Breaches can lead to massive financial losses, reputational damage, and the undermining of critical infrastructure and national security. In a recent example, Microsoft accused hackers linked to the Chinese government of exploiting vulnerabilities in its SharePoint system to steal confidential data from hundreds of businesses and government agencies, including the US National Nuclear Security Administration. Looking ahead, governments are expected to continue increasing their cybersecurity budgets, benefiting cybersecurity companies that government agencies outsource projects to. Furthermore, strict enforcement of cybersecurity regulations such as the European Union's General Data Protection Regulation and Singapore's Cybersecurity Act will compel businesses to invest more in security solutions to ensure compliance. Meanwhile, long-term structural trends such as digitalisation, AI and cloud adoption, will continue to underpin demand for cybersecurity, even in a slowing or uncertain economy. Scalable business model Many cybersecurity firms operate on a subscription-based model, which provides predictable recurring revenue. Their business is also supported by high switching costs, as changing security vendors can be complex, disruptive and risky. This leads to high customer stickiness, with leading firms consistently reporting gross retention rates of more than 95 per cent, implying a customer lifespan of about 20 years. Firms offering a broad range of solutions, such as CrowdStrike and Palo Alto Networks, can also upsell and cross-sell, leading to net retention rates above 110 per cent. Finally, the software-based nature of the industry makes it less vulnerable to supply chain disruptions and tariffs. Overall, the combination of high customer stickiness and innovative solutions allows these firms to build substantial annual recurring revenue and sustain robust growth. Defensive growth In conclusion, the cybersecurity industry presents a compelling investment case, offering a rare combination of growth and resilience. As digital transformation accelerates and threats grow more complex, demand for advanced protection will only rise. We favour platform providers with diversified offerings. Their integrated solutions are well-positioned to capitalise on the trend of vendor consolidation, where businesses seek to streamline their security operations and reduce costs. For investors who want to gain broad exposure to this fragmented industry without picking individual winners, a cybersecurity exchange-traded fund is a good option. The writer is a research analyst with the research and portfolio management team of FSMOne Singapore, the B2C division of iFast Financial
Business Upturn
20-05-2025
- Business
- Business Upturn
2025 Thales Data Threat Report Reveals Nearly 70% of Respondents in India Identify AI's Fast-Moving Ecosystem as Top GenAI-Related Security Risk
MEUDON, France & New Delhi, Delhi, India: 72% of respondents in India are investing in AI-specific security tools with either new or existing budgets. In India, 68% of respondents identify future encryption compromise as one of the major concerns among quantum computing security threats. Globally, malware remains the top attack type since 2021; phishing rises to second, and ransomware drops to third. Thales today announced the release of the 2025 Thales Data Threat Report , its annual report on the latest data security threats, trends, and emerging topics based on a survey conducted by S&P Global Market Intelligence 451 Research of more than 3,100 IT and security professionals in 20 countries across 15 industries. This year's report found that nearly 70% of organisations in India view the fast-moving ecosystem as the most concerning GenAI security risk, followed by lack of integrity (66%) and trustworthiness (55%). This press release features multimedia. View the full release here: ©Thales The 2025 Thales Data Threat Report results reveal a major focus on the transformative impact of AI, especially GenAI, which relies heavily on high-quality, sensitive data for functions like training, inference, and content generation. As agentic AI emerges, ensuring data quality becomes even more critical for enabling sound decision-making and actions by AI systems. Many organisations across the world are already adopting GenAI, with a third of respondents indicating it is either being integrated or is actively transforming their operations. Organisations Embrace GenAI, Taking on Greater Security Risks Amid Rapid Adoption As GenAI introduces complex data security challenges and offers strategic opportunities to strengthen defences, its growing integration marks a shift among organisations from experimentation to more mature, operational deployment. While most respondents said rapid adoption of GenAI is their top security concern, respondents in the more advanced stages of AI adoption aren't waiting to fully secure their systems or optimise their tech stacks before forging ahead. Because the drive to achieve rapid transformation often outweighs efforts to strengthen organisational readiness, these organisations may be inadvertently creating their own biggest security vulnerabilities. 'The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution, as they race to stay ahead of the adoption curve,' Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said. 'Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the rapid spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk.' In India, 72% of respondents report investing in GenAI-specific security tools, with 16% using newly allocated budget. Globally, those prioritising AI security are diversifying their approaches: over two-thirds have acquired tools from their cloud providers, three in five are leveraging established security vendors, and nearly half are turning to new or emerging startups. Notably, security for generative AI has quickly risen as a top spending priority, securing the second spot in ranked-choice voting, just behind cloud security. This shift underscores the growing recognition of AI-driven risks and the need for specialised defences to mitigate them. Data Breaches Show Modest Decline, Though Threats Remain Elevated While data breaches remain a significant concern, their frequency has slightly decreased over the past few years. In 2021, 56% of surveyed enterprises across the world reported experiencing a breach, but that figure has dropped to 45% in 2025. Additionally, the percentage of respondents reporting a breach within the last 12 months has fallen from 23% in 2021 to just 14% in 2025. In India, 11% of respondents reported experiencing a data breach recently. Globally, malware continues to lead as the most prevalent threat, maintaining its top position since 2021. Phishing climbed to second place, overtaking ransomware, which now ranks third. When it comes to the most concerning threat actors, external sources dominate—hacktivists hold the top spot, followed by nation-state actors. Human error, while still significant, has dropped to third, down one position from the previous year. Vendors Pressed on Post-Quantum Readiness as Encryption Strategies Are Reassessed The 2025 Thales Data Threat Report reveals that most organisations are increasingly concerned about quantum-related security risks. The top threat, cited by 68% of respondents in India, is future encryption compromise—the risk that quantum computers could eventually break current or future encryption algorithms, exposing data once considered secure. Close behind, 56% identified key distribution vulnerabilities, where quantum advancements could undermine the secure exchange of encryption keys. Additionally, 58% highlighted the 'harvest now, decrypt later' (HNDL) threat, where encrypted data intercepted today could be decrypted in the future. In response, 55% of organisations in India are prototyping or evaluating post-quantum cryptography (PQC) solutions, and 49% are assessing their encryption strategies. Only 40% are placing their trust in telecom or cloud providers to manage the transition. 'The clock is ticking on post-quantum readiness. It's encouraging that three out of five organisations are already prototyping new ciphers, but deployment timelines are tight and falling behind could leave critical data exposed,' Todd Moore, Global Vice President, Data Security Products at Thales, said. 'Even with clear timelines for transitioning to PQC algorithms, the pace of encryption change has been slower than expected due to a mix of legacy systems, complexity, and the challenge of balancing innovation with security.' While this year's survey results indicate improvements in security posture, much more is needed to elevate operational data security to fully support the capabilities of emerging technologies such as GenAI and to pave the way for future innovations. For more information please join our webinar hosted by Eric Hanselman, Chief Analyst at S&P Global 451 Research. About Thales Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion. The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies. Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion. About Thales in India Present in India since 1953, Thales is headquartered in Noida and has other operational offices and sites spread across Delhi, Gurugram, Bengaluru and Mumbai, among others. Over 2200 employees are working with Thales and its joint ventures in India. Since the beginning, Thales has been playing an essential role in India's growth story by sharing its technologies and expertise in Defence, Aerospace and Cyber & Digital sectors. Thales has two engineering competence centres in India – one in Noida focused on Cyber & Digital business, while the one in Bengaluru focuses on hardware, software and systems engineering capabilities for both the civil and defence sectors, serving global needs. The Group has also established an MRO (Maintenance, Repair & Overhaul) facility in Gurugram to provide comprehensive avionics maintenance and repair services to Indian airlines and support the growth of the local aviation industry. PLEASE VISIT Thales Group Cloud Protection & Licensing Solutions | Thales Group Cybersecurity Solutions | Thales Group View source version on Disclaimer: The above press release comes to you under an arrangement with Business Wire. Business Upturn takes no editorial responsibility for the same.
