.svg){kind=spacer}
Details
- IBM's 2025 Cost of a Data Breach Report finds 13% of organizations suffered breaches involving AI models or applications, with an additional 8% unsure if they were compromised, marking a notable focus on AI incidents for the first time in this annual study.
- The study, conducted with Ponemon Institute across 600 global companies between March 2024 and February 2025, reveals 97% of organizations affected by AI breaches lacked access controls, 60% suffered data exposure, and 31% faced severe operational disruptions.
- Despite ongoing AI security gaps, the global average cost per breach dropped by 9% to $4.44 million, while U.S. breach expenses surged to a record $10.22 million; organizations deeply integrating AI into security operations reduced these costs by an average of $1.9 million.
- Shadow AI—unsanctioned deployment of AI tools—was reported by one in five organizations as a cause of breaches, raising average breach costs by $670,000 and resulting in more frequent exposure of sensitive data and intellectual property.
- Only 49% of breached organizations plan to enhance security investments, a drop from 63% in 2024, and 63% either lack or are still developing formal AI governance policies.
Impact
The findings highlight mounting risks as organizations accelerate AI adoption without adequate security controls or governance. With AI now fueling a significant portion of phishing attacks and global cybercrime costs approaching $10.5 trillion, this trend poses threats not just to corporate assets but to public trust in AI technology itself. As investment in security wanes post-breach, companies risk compounding vulnerabilities—potentially ceding ground to both cybercriminals and more security-minded competitors.
