Cloud information encryption is meant to be a solved drawback. Organisations have been investing in information safety for years, deploying platform after platform, and signing off on safety budgets that proceed to extend. And but the 2026 Thales Data Threat Report, printed final month and primarily based on a survey of three,120 IT and safety professionals worldwide, finds that solely 47% of delicate information held in cloud environments is definitely encrypted.
That’s down from 51% the earlier 12 months. A four-point decline doesn’t sound dramatic till you contemplate the route it represents. Cloud adoption has not slowed. The amount of delicate information being moved into cloud environments has not shrunk. The variety of AI methods accessing that information has grown significantly.
And thru all of it, encryption protection has moved backwards.
Extra instruments, much less readability
A part of what makes this discovering uncomfortable is that it doesn’t mirror an absence of effort or funding. The Thales report discovered that 77% of organisations are operating 5 or extra separate information safety instruments. Almost half are managing 5 or extra key administration methods concurrently.
That isn’t an image of neglect. It’s a image of fragmentation, and that comes with a price. When safety is distributed throughout too many methods, with no single level of visibility into what’s encrypted, the place, and underneath whose coverage, the gaps between instruments turn into the assault floor.
Misconfiguration was cited because the main reason behind cloud breaches within the report, at 28%. That determine turns into simpler to know when you see what number of overlapping, poorly built-in methods most safety groups try to take care of. The Thales report is direct on this level: extra instruments don’t imply higher safety.
It typically means extra gaps with nobody clearly accountable for closing them.
AI is making the stakes increased, not decrease
What shifts the urgency of the cloud information encryption hole is the tempo at which AI methods at the moment are accessing enterprise information. The Thales report discovered that 61% of organisations say their AI functions are already being focused by attackers, with delicate information as the first focus. On the identical time, AI instruments and brokers are more and more being granted automated entry to cloud-held information, typically with fewer controls and fewer oversight than could be utilized to human customers.
Sébastien Cano, Senior Vice President of Cyber Safety Merchandise at Thales, put it plainly within the report: “Insider threat is now not nearly folks. When identification governance, entry insurance policies, or encryption are weak, AI can amplify these weaknesses throughout environments far quicker than any human ever might.”
That final half issues. The issue with under-encrypted cloud information was at all times {that a} breach might expose it. The brand new dimension is that AI methods can course of and propagate that information at a scale and pace that makes publicity much more consequential than it was beforehand.
Credential theft has overtaken every part else
The Thales report additionally paperwork a associated shift in how attackers are getting in. Credential theft was cited by 67% of organisations that skilled cloud assaults because the main method used towards cloud administration infrastructure. Id and entry administration has now moved to the highest of the safety abilities precedence checklist for the primary time, forward of cloud safety and utility safety.
In an atmosphere the place AI brokers function on API keys, tokens, and machine credentials somewhat than human logins, compromising an identification is usually the quickest path to delicate information. And if that information is unencrypted when it’s reached, the breach is full.
The quantum dimension
There’s a longer-horizon drawback sitting behind the quick one. The Thales report discovered that 61% of organisations cite “harvest now, decrypt later” as their major quantum-related concern, that means adversaries are already gathering encrypted information at present, aspiring to decrypt it as soon as quantum computing makes that viable.
The implication is that even information which is at the moment encrypted might not keep protected indefinitely if the cryptographic requirements underpinning it should not up to date. 59% of respondents say they’re already prototyping or evaluating post-quantum cryptographic algorithms, which leaves roughly 4 in ten organisations that haven’t begun that course of.
The window for orderly cryptographic migration shouldn’t be open indefinitely.
Thales will likely be on the Cybersecurity & Cloud Expo at TechEx North America, happening 18–19 Might 2026 on the San Jose McEnery Conference Centre.
(Picture by Paul Hanaoka)
See additionally: Cloud demand shifts towards AI as enterprise use deepens
Wish to study extra about Cloud Computing from trade leaders? Try Cyber Security & Cloud Expo happening in Amsterdam, California, and London. The great occasion is a part of TechEx and is co-located with different main expertise occasions, click on here for extra data.
CloudTech Information is powered by TechForge Media. Discover different upcoming enterprise expertise occasions and webinars here.
