For the first time in five years, global data breach costs have declined, according to IBM’s newly released 2025 Cost of a Data Breach Report. It found that average global costs dropped to US $4.44 million, down from US $4.88m in the year prior, a fall of nine per cent. The cause, according to the report authors, is faster breach containment driven by AI-powered defences. According to the report, organizations were able to identify and contain a breach within a mean time of 241 days, the lowest it’s been in nine years.
This comes with a caveat, the authors warn: the very speed of AI and automation deployment that’s helping defence is also creating new risks. This phenomenon of AI adoption outpacing oversight can lead to what’s termed ‘security debt’. Nearly all, 97 per cent, of breached organizations that experienced an AI-related security incident say they lacked proper AI access controls, according to findings from the report. Also, among the 600 organizations researched by the US-based Ponemon Institute, 63 per cent stated they have no AI governance policies in place to manage AI or prevent workers from using shadow AI.
This AI oversight gap, the report suggests, carries financial and operational costs. The report shows that having a high level of shadow AI—where workers download or use unapproved internet-based AI tools—added an extra US $670,000 to the global average breach cost. AI-related breaches also had a ripple effect: they led to broad data compromise and operational disruption. That disruption can stop businesses from processing sales orders, providing customer service and keeping supply chains running, it’s suggested.
You can download the report from the IBM website. There is more on the IBM website in a blog by Limor Kessem, X-Force Cyber Crisis Management Global Lead at IBM. See also a separate piece of research by the Ponemon Institute, its global 2025 Cost of Insider Risks.
Comment
Dr Ilya Kolochenko, CEO at ImmuniWeb and a Fellow at the British Computer Society (BCS), said: “While AI may intelligently automate numerous time- and resource-consuming cybersecurity tasks, the financial figures from the report seem to be a bit exaggerated, to put it mildly. First, even the top-notch AI products and solutions will bring little to no help if other processes and procedures within a company remain the same. For example, you may get a better and faster alert that your cloud-based instance is breached, but if the cloud instance has been running with excessive permissions and without proper isolation – and your digital forensics and incident response (DFIR) process is not automated to a certain extent – all your data from the cloud will still be stolen.
“Second, AI may – and actually does – bring more harm than good when improperly integrated or misconfigured. Today, numerous large and small companies rush to implement all kinds of untested AI solutions simply because of the fear of missing out (FOMO) syndrome, while neglecting to properly secure AI solutions and underlying infrastructure. Eventually, corporate data ends up being shared with unexpected third parties, publicly exposed or even compromised by malicious cyber-threat actors. In a nutshell, the more systems and technologies you have in your IT stack – the more vulnerabilities and weaknesses you will have – AI is no exception to the rule.
“Finally, quite some cybersecurity vendors – that actively promote their ‘magical’ AI solutions – tend to over-promise and then under-deliver. In conclusion, integration of any AI-powered cybersecurity solutions into your cybersecurity realm should be done in a well-thought-out and prudent manner, otherwise, you may merely increase your cybersecurity risks.”





