Thales, a global leader in technology and cybersecurity, has unveiled the findings of its 2025 Data Threat Report: Critical Infrastructure Edition. The report underscores the heightened cybersecurity risks confronting sectors such as energy, utilities, telecommunications, and transportation, as these industries navigate a rapidly evolving technological landscape.
Critical infrastructure providers are increasingly integrating advanced artificial intelligence (AI) systems to enhance operational efficiency and resilience. However, this trend is accompanied by new security challenges. The report highlights that 74% of organisations are investing in AI-specific security tools. Concerns remain substantial, with 64% worried about model integrity and 53% cautious about the reliability of third-party data sources.
Quantum computing presents another formidable challenge. The report reveals 58% of critical infrastructure respondents are experimenting with post-quantum cryptography to combat potential future decryption threats. Confidence in existing encryption methods is mixed, accentuating the need for regulatory guidance and robust safeguards to protect sensitive data.
An area of notable advancement is the reduction in breach rates. Only 15% of critical infrastructure organisations reported breaches in the previous year, a significant reduction from 37% in 2021. This improvement is attributed to the widespread adoption of multi-factor authentication, employed by 75% of organisations to secure employee access. Despite these gains, operational risks persist, with misconfigurations, exploited vulnerabilities, and identity compromise posing ongoing challenges.
Issues surrounding digital sovereignty also loom large. Over half of the critical infrastructure respondents indicated that compliance with mandates drove their data sovereignty efforts. However, only 2% have encrypted a significant proportion of their cloud-stored sensitive data, compared to a global average of 8%. The inconsistent use of discovery tools further complicates data security strategies, potentially impacting the protection of critical datasets.
The report illustrates a dual picture of progress and vulnerability. While breach rates have improved, the swift advances in AI and quantum technologies pose new security threats. With rising regulatory scrutiny and geopolitical tensions, striking a balance between innovation and resilience is a priority.
For critical infrastructure providers, proactive measures are paramount. Investing in stronger encryption, AI-specific protections, and urgently preparing for post-quantum challenges will be crucial to safeguard sensitive data and maintain uninterrupted services.
