Insight | 25 February 2026 | 9 min read

AI Is the New Insider Threat: 2026 Thales Report

The 2026 Thales Data Threat Report surveyed 3,100+ security professionals across 20 countries. Its findings, from AI as insider threat to 97% of organisations harmed by deepfakes, reveal why offline secure storage is no longer optional.

Mark Fermor

Director & Co-Founder, Firevault


Updated February 2026 | Estimated read time: 12 minutes | Published by Firevault

The 2026 Thales Data Threat Report, conducted by S&P Global Market Intelligence 451 Research and based on responses from over 3,100 security professionals across 20 countries, delivers a sobering assessment of enterprise data security in the age of AI agents. Its central thesis: AI is no longer just a tool. It is becoming a new insider threat.

For organisations that rely on cloud-first infrastructure and handle sensitive data, this report is essential reading. Here, we distil the most critical findings, explain what they mean for UK enterprises, and outline how offline secure storage addresses the exact vulnerabilities Thales identifies.

1. AI Security Spending Is Surging, But Still Underfunded

Thirty per cent of organisations now have a dedicated budget for AI security, up 50% year-on-year from 20%. Yet more than half (53%) are still funding AI security from their existing security budgets, treating it as an add-on rather than a discipline in its own right.

The report makes clear why this matters: 61% of organisations say their AI applications are being actively targeted by attackers, with sensitive data being the primary objective. AI security spending now ranks second-highest in priority behind only cloud security.

Firevault view: Budgets allocated to AI security overwhelmingly focus on access controls, monitoring, and encryption, all software-based. None of these controls protect data that has already been exfiltrated or encrypted by ransomware. Offline secure storage removes the data from the attack surface entirely, addressing the gap that software security cannot.

2. The Pace of AI Change Is the Number One Risk

When asked about their greatest AI-related security concern, 70% of respondents cited the rate of change within AI ecosystems. The rapid integration of agentic tools, autonomous AI agents that can access, process, and act on organisational data, is outpacing security teams' ability to establish controls.

The report notes that agentic applications like Claude Code and Cursor are already in production use, fusing previously separate data sources and blurring sovereignty boundaries. A third of enterprises (34%) report embedded AI agents are already in use, with 73% expecting deployment within 12 months.

The implication is stark: only 34% of organisations have complete knowledge of where their data is stored, and only 39% can classify all their data. If security teams cannot find and classify valuable data, AI agents will likely find ways to access it with unpredictable results.

"The rapid integration of agentic AI tools is outpacing security teams' ability to establish controls." (2026 Thales Data Threat Report)

3. Human Error Remains the Leading Cause of Breaches

For all the focus on sophisticated nation-state attackers (cited as a top-three concern by 63% of respondents), the data tells a different story about what actually causes breaches:

  • 28%: Misconfiguration or human error (leading cause)
  • 21%: Exploitation of known vulnerabilities
  • 14%: Zero-day or previously unknown vulnerabilities
  • 12%: Failure to use MFA for privileged accounts
  • 10%: Compromise of identity or access controls

This paradox, fearing nation-state actors while being breached by human mistakes, is compounded by security tool sprawl. The average organisation uses seven data protection tools, with 77% running five or more. This complexity directly increases the likelihood of human error.

Firevault view: Tool sprawl and operational complexity are unsolvable problems in purely software-defined environments. Physical isolation eliminates the configuration surface area entirely. There are no credentials to misconfigure, no access policies to forget, no cloud consoles to leave exposed. The vault is either connected or it is not.

[Chart: Root Causes of Data Breaches (2026). Source: 2026 Thales Data Threat Report, S&P Global 451 Research]

4. Cloud Data Remains Dangerously Exposed

For the third consecutive year, cloud-based assets are the top three attack targets:

  • 35%: Cloud storage
  • 34%: Cloud-delivered applications (SaaS)
  • 32%: Cloud management infrastructure

The average organisation now uses 2.26 IaaS cloud providers and 89 SaaS applications. Despite this sprawl, only about half of sensitive cloud data is encrypted, and 53% of organisations let cloud providers control their encryption keys for more than half of their applications.

Credential theft is the leading attack technique against cloud infrastructure, cited by 67% of respondents. This is followed by third-party vulnerabilities (61%) and malware injection (54%), which has risen in the rankings due to software supply chain attacks.

Firevault view: Encryption is necessary but insufficient when the keys are controlled by the cloud provider, when credentials can be stolen, and when only half the data is encrypted in the first place. Offline vaults hold data outside any cloud provider's infrastructure, making credential theft irrelevant and supply chain attacks impossible against the stored data.

[Chart: Top Cloud Attack Targets (Cloud Storage, SaaS Applications, Cloud Management). Source: 2026 Thales Data Threat Report]

5. The C-Suite Has a Dangerous Blind Spot

One of the report's most striking findings is the disconnect between leadership perception and operational reality. 78% of C-suite executives reported no breach history, compared with just 57% of IT and security practitioners in the same organisations.

For cloud breaches specifically, 62% of executives reported no history, versus 54% of the broader survey population. This means security budgets and board-level risk assessments are likely based on incomplete information.

"78% of C-suite executives reported no breach history, compared with just 57% of IT and security practitioners in the same organisations." This perception gap directly leads to underinvestment in resilience measures.

Firevault view: This perception gap is dangerous because it leads to underinvestment in last-resort protections. When leadership believes breaches are not happening, resilience measures like offline backup and air-gapped storage are deprioritised. The organisations that survive breaches are those that plan for them, regardless of whether leadership acknowledges the risk.

[Chart: C-Suite vs Practitioner: Breach Perception Gap (Report No Breach, Report No Cloud Breach). Source: 2026 Thales Data Threat Report]

6. Quantum Computing Is No Longer Theoretical

The report reveals that quantum risk concerns have matured significantly. The top-cited quantum risk, selected by 61% of respondents, is harvest now, decrypt later (HNDL): the practice of capturing encrypted data today to decrypt it when quantum computers become capable.

While 59% of organisations are prototyping post-quantum cryptographic (PQC) algorithms, and 32% have identified or started experimenting with quantum computing projects, the transition timeline remains uncertain. The Certification Authority Browser Forum is already requiring TLS certificate lifetimes to be shortened to 47 days by 2029, forcing automation upgrades.

Firevault view: HNDL attacks target data in transit and at rest in connected environments. Data stored offline in a Firevault vault cannot be harvested because it is not on any network. For crown-jewel data, including intellectual property, legal records, and trade secrets, offline storage is the only guaranteed protection against future decryption capabilities.

7. Data Sovereignty Is Being Reshaped by AI Agents

The report highlights how agentic AI is eroding sovereignty boundaries. When AI tools fuse data from multiple sources, including code repositories, cloud resources, and CRM systems, the lines of data residency and operational independence blur. Almost half of respondents (45%) cited portability as the primary driver of their sovereignty initiative, and 54% are refactoring applications to better segment or isolate data.

Thirty-six per cent believe cryptographic protections are sufficient for sovereignty, but the report warns this is only the first level. Operational sovereignty requires that all personnel involved are citizens of the jurisdiction, and software sovereignty means data can be removed from any application and ported to a new one.

Firevault view: Physical data sovereignty is the strongest form of sovereignty. When data is stored in an offline vault in a known UK location, there is no ambiguity about jurisdiction, no risk of cross-border data flows, and no dependency on a cloud provider's compliance posture. This is particularly relevant for organisations subject to NIS2, SRA, or FCA requirements.

8. Secrets Management Is the Top DevOps Security Challenge

The report identifies secrets management as the number one security challenge in DevOps, ranked first by the largest share of respondents across all listed categories. Yet spending on DevSecOps and secrets management tools ranked lowest among all 17 technology categories surveyed.

This creates a dangerous gap: the thing developers struggle with most is the thing organisations invest in least. As agentic coding tools like Claude Code and Cursor gain adoption, the volume of secrets, including API keys, tokens, and certificates, will only increase.

"The thing developers struggle with most is the thing organisations invest in least." This disconnect between risk and investment is a recurring theme throughout the 2026 report.

9. 97% of Organisations Have Suffered AI-Generated Misinformation Harm

Perhaps the most universally concerning statistic: 97% of all respondents reported some form of organisational harm from AI-generated false information. This includes deepfake business email compromise, trademark abuse, harm to key personnel, reputational damage, and hiring fraud.

Fifty-nine per cent have experienced deepfake attacks, and 48% have suffered reputational damage from AI-generated misinformation. AI-generated misinformation and deepfakes showed the second-highest attack increase across all categories.

Firevault view: When AI-generated deepfakes can impersonate executives and trigger fraudulent data transfers, the integrity of authentication chains becomes critical. Physical verification through offline secure storage provides an authentication layer that cannot be spoofed, cloned, or bypassed by generative AI.

[Chart: AI and Quantum Threat Landscape. Source: 2026 Thales Data Threat Report, S&P Global 451 Research]

What This Means for UK Organisations

The 2026 Thales Data Threat Report paints a picture of an enterprise security landscape that is outpaced by the technology it is trying to protect. The key themes, including AI as insider threat, cloud exposure, human error, quantum risk, and sovereignty erosion, all point to a common conclusion:

Software-only security is necessary but no longer sufficient for protecting an organisation's most critical data.

The report's recommendations, including better data classification, reduced tool complexity, stronger encryption, and proactive security leadership, are all valid. But they operate within the connected environment. They do not address what happens when that environment is compromised.

Firevault exists precisely for that scenario. Offline secure storage provides:

  • Zero attack surface: No credentials to steal, no APIs to exploit, no misconfigurations to discover
  • Quantum-proof protection: Data that is not on a network cannot be harvested for future decryption
  • True data sovereignty: Physical location, physical access, verifiable chain of custody
  • Resilience against AI agents: Autonomous systems cannot access data that is physically disconnected
  • Human error immunity: No cloud consoles to misconfigure, no encryption keys to mismanage

"The most secure data is the data that cannot be reached." This is the principle Firevault has built its entire platform around, and the 2026 Thales Data Threat Report confirms it.

Source

2026 Thales Data Threat Report, conducted by S&P Global Market Intelligence 451 Research. Based on 3,120 respondents across 20 countries. Published February 2026.

About the author

Mark Fermor

Director & Co-Founder

The driving force behind Firevault's market presence, combining commercial vision with deep tech insight.
