
The global average cost of a breach declined for the first time in five years, dropping to $4.44 million, according to IBM’s new data breach report, but the average U.S. cost rose to a record $10.22 million. In addition, AI is becoming an easy, high-value target, IBM warns.
Thirteen percent of organizations reported breaches of AI models or applications, and of those compromised, 97% involved AI systems that lacked proper access controls. Despite the rising risk, 63% of breached organizations either don’t have an AI governance policy or are still developing a policy. Among those that do have AI governance policies in place, only 34% perform regular audits to detect unauthorized AI use, which ultimately will drive up breach costs, IBM stated in its 20th annual Cost of a Data Breach Report.
“The data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it,” said Suja Viswesan, vice president of security and runtime products with IBM, in a statement. “The report revealed a lack of basic access controls for AI systems, leaving highly sensitive data exposed, and models vulnerable to manipulation. As AI becomes more deeply embedded across business operations, AI security must be treated as foundational. The cost of inaction isn’t just financial, it’s the loss of trust, transparency and control.”
Not all AI impacts are negative, however: Security teams using AI and automation shortened the breach lifecycle by an average of 80 days and saved an average of $1.9 million in breach costs compared with non-AI defenses, IBM found. Still, that benefit is only slightly larger than in 2024, which suggests defensive AI adoption may have stalled.
The 2025 report, conducted by the Ponemon Institute and analyzed and sponsored by IBM, covered 600 organizations and interviewed more than 3,000 executives and other staff worldwide at organizations hit by data breaches between March 2024 and February 2025.
Notably, the research found that one out of every six breaches involved AI-driven attacks. Attackers are using generative AI to perfect and scale their phishing campaigns and other social engineering attacks, IBM stated. In a previous report, IBM said that genAI reduced the time needed to craft a convincing phishing email from 16 hours down to five minutes. Its latest report shows the impact of that: On average, 16% of data breaches involved attackers using AI, most often for AI-generated phishing (37%) and deepfake impersonation attacks (35%), IBM stated.
From a financial standpoint, while the global average cost of a data breach fell to $4.44 million, the average U.S. cost of a breach increased, reaching a record $10.22 million. Larger regulatory fines and higher detection and escalation costs in the U.S. contributed to this surge, IBM stated.
From an industry perspective, healthcare breaches remain the most expensive for the 14th consecutive year, costing an average of $7.42 million.
“Attackers continue to value and target the industry’s patient personal identification information (PII), which can be used for identity theft, insurance fraud and other financial crimes,” IBM stated. “Healthcare breaches took the longest to identify and contain at 279 days. That’s more than five weeks longer than the global average.”
Other interesting findings from the study include:
- The effect of storage location: “30% of all breaches involved data distributed across multiple environments, down from 40% last year. Meanwhile, breaches involving data stored on premises increased sharply to 28% from 20% last year. However, costs for each category differed. Data breaches involving multiple environments cost an average $5.05 million, while data breached on premises cost an average $4.01 million,” IBM stated.
- Phishing dominates among initial attack vectors: “Phishing replaced stolen credentials this year as the most common initial vector (16%) attackers used to gain access to systems. At an average $4.8 million per breach, it was also one of the costliest. Meanwhile, supply chain compromise surged to become the second most prevalent attack vector (15%), and second costliest ($4.91 million) after malicious insider threats ($4.91 million).”
- The cost of shadow AI: 20% of respondents said they suffered a breach due to security incidents involving shadow AI. “For organizations with high levels of shadow AI, those breaches added $670,000 to the average breach price tag compared to those that had low levels of shadow AI or none. These incidents also resulted in more personal identifiable information (65%) and intellectual property (40%) data being compromised. And that data was most often stored across multiple environments, revealing just one unmonitored AI system can lead to widespread exposure. The swift rise of shadow AI has displaced security skills shortages as one of the top three costly breach factors tracked by this report,” IBM stated.
- Time to identify and contain a breach decreased: “The mean time organizations took to identify and contain a breach fell to 241 days, reaching a nine-year low and continuing a downward trend that started after a 287-day peak in 2021,” IBM stated. “As noted in last year’s report, security teams continue to improve their mean time to identify (MTTI) and mean time to contain (MTTC) with the help of AI-driven and automation-driven defenses.”
In terms of recommendations, IBM emphasized identity and access management (IAM):
“Fortifying identity security with the help of AI and automation can improve IAM without overburdening chronically understaffed security teams. And as AI agents begin to play a larger role in organizational operations, the same rigor must be applied to protecting agent identities as to protecting human identities. Just like human users, AI agents increasingly rely on credentials to access systems and perform tasks. So, it’s essential to implement strong operational controls, or services that can help you do so, and maintain visibility into all non-human identity (NHI) activity. Organizations must be able to distinguish between NHIs using managed (vaulted) credentials and those using unmanaged credentials.”
Source: Network World