Cloud knowledge encryption is meant to be a solved drawback. Organisations have been investing in knowledge safety for years, deploying platform after platform, and signing off on safety budgets that proceed to extend. And but the 2026 Thales Knowledge Risk Report, printed final month and primarily based on a survey of three,120 IT and safety professionals worldwide, finds that solely 47% of delicate knowledge held in cloud environments is definitely encrypted.
That’s down from 51% the earlier 12 months. A four-point decline doesn’t sound dramatic till you contemplate the path it represents. Cloud adoption has not slowed. The amount of delicate knowledge being moved into cloud environments has not shrunk. The variety of AI methods accessing that knowledge has grown significantly.
And thru all of it, encryption protection has moved backwards.
Extra instruments, much less readability
A part of what makes this discovering uncomfortable is that it doesn’t replicate an absence of effort or funding. The Thales report discovered that 77% of organisations are operating 5 or extra separate knowledge safety instruments. Practically half are managing 5 or extra key administration methods concurrently.
That’s not an image of neglect. It’s a image of fragmentation, and that comes with a price. When safety is distributed throughout too many methods, with no single level of visibility into what’s encrypted, the place, and below whose coverage, the gaps between instruments develop into the assault floor.
Misconfiguration was cited because the main explanation for cloud breaches within the report, at 28%. That determine turns into simpler to grasp when you see what number of overlapping, poorly built-in methods most safety groups try to keep up. The Thales report is direct on this level: extra instruments don’t imply higher safety.
It usually means extra gaps with nobody clearly accountable for closing them.
AI is making the stakes larger, not decrease
What shifts the urgency of the cloud knowledge encryption hole is the tempo at which AI methods at the moment are accessing enterprise knowledge. The Thales report discovered that 61% of organisations say their AI functions are already being focused by attackers, with delicate knowledge as the first focus. On the identical time, AI instruments and brokers are more and more being granted automated entry to cloud-held knowledge, usually with fewer controls and fewer oversight than can be utilized to human customers.
Sébastien Cano, Senior Vice President of Cyber Safety Merchandise at Thales, put it plainly within the report: “Insider risk is no longer just about people. When identity governance, access policies, or encryption are weak, AI can amplify those weaknesses across environments far faster than any human ever could.”
That final half issues. The issue with under-encrypted cloud knowledge was all the time {that a} breach may expose it. The brand new dimension is that AI methods can course of and propagate that knowledge at a scale and velocity that makes publicity way more consequential than it was beforehand.
Credential theft has overtaken all the things else
The Thales report additionally paperwork a associated shift in how attackers are getting in. Credential theft was cited by 67% of organisations that skilled cloud assaults because the main method used towards cloud administration infrastructure. Id and entry administration has now moved to the highest of the safety expertise precedence checklist for the primary time, forward of cloud safety and utility safety.
In an setting the place AI brokers function on API keys, tokens, and machine credentials reasonably than human logins, compromising an id is usually the quickest path to delicate knowledge. And if that knowledge is unencrypted when it’s reached, the breach is full.
The quantum dimension
There’s a longer-horizon drawback sitting behind the quick one. The Thales report discovered that 61% of organisations cite “harvest now, decrypt later” as their main quantum-related concern, that means adversaries are already accumulating encrypted knowledge as we speak, meaning to decrypt it as soon as quantum computing makes that viable.
The implication is that even knowledge which is at present encrypted might not keep protected indefinitely if the cryptographic requirements underpinning it are usually not up to date. 59% of respondents say they’re already prototyping or evaluating post-quantum cryptographic algorithms, which leaves roughly 4 in ten organisations that haven’t begun that course of.
The window for orderly cryptographic migration isn’t open indefinitely.
Thales shall be on the Cybersecurity & Cloud Expo at TechEx North America, going down 18–19 Could 2026 on the San Jose McEnery Conference Centre.
(Picture by Paul Hanaoka)
See additionally: Cloud demand shifts towards AI as enterprise use deepens
Wish to study extra about Cloud Computing from business leaders? Try Cyber Safety & Cloud Expo going down in Amsterdam, California, and London. The great occasion is a part of TechEx and is co-located with different main know-how occasions, click on right here for extra data.
CloudTech Information is powered by TechForge Media. Discover different upcoming enterprise know-how occasions and webinars right here.
