Table of Contents
IBM released its Cost of a Data Breach Report, which revealed AI adoption is greatly outpacing AI security and governance. While the overall number of organizations experiencing an AI-related breach is a small representation of the researched population, this is the first time security, governance and access controls for AI have been studied in this report, which suggests AI is already an easy, high value target.
The AI oversight gap
13% of organizations reported breaches of AI models or applications, while 8% of organizations reported not knowing if they had been compromised in this way. Of those compromised, 97% report not having AI access controls in place. As a result, 60% of the AI-related security incidents led to compromised data and 31% led to operational disruption.
This year’s results show that organizations are bypassing security and governance for AI in favor of do-it-now AI adoption. Ungoverned systems are more likely to be breached, and more costly when they are.
“The data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it,” said Suja Viswesan, VP, Security and Runtime Products, IBM. “The report revealed a lack of basic access controls for AI systems, leaving highly sensitive data exposed, and models vulnerable to manipulation. As AI becomes more deeply embedded across business operations, AI security must be treated as foundational. The cost of inaction isn’t just financial, it’s the loss of trust, transparency and control.”
However, the report did reveal that organizations using AI and automation extensively throughout their security operations saved an average $1.9 million in breach costs and reduced the breach lifecycle by an average of 80 days.
The cost of shadow AI
63% of breached organizations either don’t have an AI governance policy or are still developing a policy. Of the organizations that have AI governance policies in place, only 34% perform regular audits for unsanctioned AI.
One in five organizations reported a breach due to shadow AI, and only 37% have policies to manage AI or detect shadow AI. Organizations that used high levels of shadow AI observed an average of $670,000 in higher breach costs than those with a low level or no shadow AI. Security incidents involving shadow AI led to more personally identifiable information (65%) and intellectual property (40%) being compromised compared to the global average (53% and 33% respectively).
16% of breaches studied involved attackers using AI tools, most often for phishing or deepfake impersonation attacks.
The financial cost of a breach
The global average cost of a data breach fell to $4.44 million, the first decline in five years, while the average U.S. cost of a breach reached a record $10.22 million.
The global average breach lifecycle (the mean time to identify and contain a breach, including restore services) dropped to 241 days, a 17-day reduction from the year prior, as more studied organizations detected the breach internally. Those organizations who detected the breach internally also observed a $900,000 savings on breach costs compared to those disclosed by an attacker.
Averaging $7.42 million, healthcare breaches remained the most expensive across all studied industries, even as this sector saw a $2.35 million reduction in costs compared to 2024. Breaches across this sector take the longest to identify and contain at 279 days, that’s more than 5 weeks longer than the global average of 241 days.
Last year, organizations pushed back against ransom demands, with more opting not to pay (63%) compared to the year prior (59%). As more organizations refuse to pay ransoms, the average cost of an extortion or ransomware incident remains high, particularly when disclosed by an attacker ($5.08 million).
There was a significant reduction in the number of organizations that said they plan to invest in security following a breach, 49% in 2025 compared to 63% in 2024. Less than half of those that plan to invest in security post-breach will focus on AI-driven security solutions or services.
The long tail of a breach
According to the 2025 IBM report, nearly all organizations studied suffered operational disruption following a data breach. This level of disruption is taking a toll on recovery timelines. Among organizations that reported recovery, most took more than 100 days on average to do so.
However, the consequences of a breach continue to extend beyond containment. While down compared to the year prior, nearly half of all organizations reported that they planned to raise the price of goods or services because of the breach, and nearly one-third reported price increases of 15% or more.
