Chris Harris, EMEA Technical Director, Data and Application Security at Thales

Most data breaches today are not caused by hackers. They take place quietly within IT systems. Although the findings of the Thales Data Threat Report show that the number of reported data breaches has fallen from 37 per cent in 2021 to 15 per cent in 2025, this apparent progress harbours dangers. One risk is that most data breaches currently occurring are simply being overlooked – through internal misuse, excessive data collection and automated access via APIs, partners and bots. The reason for this is that there is often insufficient control and insight into these automated processes.

This shift is already undermining trust. Research shows that 82 per cent of consumers have stopped buying goods or services from a company or looked for alternatives in the past year due to concerns about the use of their personal data. Data breaches do not necessarily have to make headlines to cause real damage. All too often, people are asked to trust companies without being given a clear, meaningful understanding of how their data is actually collected, shared and used. What’s more, hardly anyone reads the terms and conditions.

AI and automation are becoming a central part of business processes, which is why machines today require sensitive data on a scale that traditional data protection frameworks were never designed to handle. The protection of personal data is no longer just a matter of compliance, but also of technology and transparency.

Data Privacy Day should be seen as a wake-up call. More and more data is being accessed by AI, APIs and bots. That’s why companies need to integrate data protection into their systems from the outset, ensuring much better control and clearer communication about how data is collected, shared and used. Otherwise, they risk losing the trust of their customers in an increasingly automated world.