Critical infrastructure organizations are facing a new wave of cyber risks. Although the number of data breaches is declining, AI and quantum technology are creating unknown threats that surpass traditional defense mechanisms.
This is according to research by Thales. Telecom companies, utilities, transport organizations, and energy companies are confronted with a rapidly evolving threat landscape. 73% of professionals in critical infrastructure cite the rapidly evolving AI ecosystem as their most significant security challenge.
Declining data breaches versus increasing risks
The survey of 513 professionals worldwide reveals a striking paradox: while the number of reported data breaches fell dramatically from 37 percent in 2021 to just 15 percent last year, new technologies are simultaneously creating unprecedented vulnerabilities.
The progress in reducing data breaches is partly due to the wider use of multi-factor authentication (MFA). Three-quarters of organizations now use MFA for more than 40 percent of their employees, although this is still nine percentage points behind the global average.
AI brings new risks
The adoption of advanced AI systems in critical infrastructure is progressing rapidly. Organizations are investing heavily in efficiency and resilience, but are encountering unexpected security challenges. Nearly three-quarters have already purchased specific security tools for generative AI.
Nevertheless, concerns remain high. Model integrity is a concern for 64 percent of respondents, while 53 percent doubt the reliability of external data sources. The pace of AI development itself is seen as the most significant risk—much higher than in other sectors.
“AI-powered attacks are becoming easier to execute and more effective,” warns Todd Moore, VP of Data Security Products at Thales.
Quantum computing threatens to break encryption
In addition to AI risks, an even more fundamental threat looms: quantum computing. More than half of organizations are already testing post-quantum cryptography algorithms. The reason is “harvest now, decrypt later” attacks, in which criminals steal data to decrypt it later once quantum computers become available.
Confidence in current encryption strategies is wavering. Many organizations are looking for clear regulations and stronger safeguards to protect sensitive data in the long term. This uncertainty strikes at the heart of digital security in critical sectors.
Quantum computing threatens to completely disrupt all existing encryption protocols, even before organizations consider the combined threat of AI and quantum.
Data sovereignty lags behind
Digital sovereignty is high on the agenda, but implementation is faltering. For 52 percent of organizations, regulatory compliance is the main driver of data sovereignty efforts.
However, practice lags behind ambition. Only 2 percent of organizations have encrypted 80 percent or more of their sensitive cloud data—significantly lower than the global average of 8 percent.
The widespread use of multiple discovery tools leads to inconsistencies and conflicting policies. This fragmentation undermines progress in protecting sensitive data sets.