IBM’s Cost of a Data Breach 2025: The AI Oversight Gap

Introduction

IBM has released its 20th annual Cost of a Data Breach Report, and for the first time in five years, global breach costs have declined. 

The 2025 report highlights the growing role of artificial intelligence in both defense and offense. Faster containment driven by AI-powered tools helped lower costs, yet at the same time attackers are weaponizing generative AI for phishing and deepfakes. Meanwhile, organizations are racing to adopt AI without establishing governance, leaving them exposed to shadow AI risks and costly incidents.

Key Takeaways from IBM’s 2025 Report

1. Breach Costs and Global Trends

This year marked a global turning point: overall breach costs decreased for the first time since 2019. Faster detection and containment, driven by AI-powered defenses, contributed to this drop. But the U.S. bucked the trend, setting a new record with average costs that doubled the global figure, largely due to regulatory pressure and higher detection expenses.

  • 4.44 million USD: Global average breach cost in 2025, down 9 percent from 2024.

  • 10.22 million USD: U.S. breach costs hit a record high due to regulatory fines and detection costs.

  • Healthcare remained the costliest sector at 7.42 million USD despite a decline from 2024.

  • Detection and escalation costs dropped nearly 10 percent, showing that AI and automation are helping speed containment.

2. AI Adoption Outpaces Security

While AI adoption is surging across industries, security controls are not keeping pace. Most organizations deploying AI lack basic governance policies and access controls. Shadow AI in particular has emerged as a hidden but costly threat, amplifying risks to sensitive data and driving breach costs higher.

  • 97 percent of AI-related breaches lacked proper access controls.

  • 63 percent of organizations have no AI governance policies.

  • Shadow AI (unsanctioned AI use) accounted for 20 percent of breaches, adding 670,000 USD to average breach costs.

  • Customer PII was the most targeted data type in shadow AI incidents at 65 percent.

3. AI in the Hands of Attackers

Attackers are no longer manually crafting phishing emails or scams. Generative AI has dramatically reduced the time needed to create convincing lures and fake personas. This year’s findings confirm what many defenders feared: AI is not just an enterprise tool, it is also a weapon for adversaries.

  • 1 in 6 breaches involved attackers using AI.

  • Top methods: AI-generated phishing (37 percent) and deepfake impersonation (35 percent).

  • IBM found generative AI reduces phishing email creation time from 16 hours to just 5 minutes.

4. Ransomware and Response Shifts

Ransomware remains one of the most disruptive and expensive types of attacks. However, organizations are increasingly refusing to pay ransom demands. At the same time, fewer are involving law enforcement, which could undermine the cost savings previously associated with coordinated responses.

  • 63 percent of victims refused to pay ransom, up from 59 percent in 2024.

  • Average ransomware and extortion cost remains high at 5.08 million USD.

  • Fewer organizations (40 percent) involved law enforcement despite evidence that doing so reduces costs.

5. Security Investments and Governance

One of the more surprising findings is that fewer organizations plan to increase security spending after a breach. While AI-driven solutions remain a top priority among those who do invest, the decline in overall post-breach investment may reflect fatigue, budget pressures, or misplaced confidence.

  • Post-breach investments declined: only 49 percent plan to increase security spending, down from 63 percent.

  • Among those investing, AI-driven solutions remain a priority, especially for threat detection (43 percent), IR testing (35 percent), and data protection (37 percent).

ThreatMon Insights

The 2025 IBM report makes one thing clear: AI is rewriting the rules of cybersecurity. 

Defenders who embrace AI and automation are reducing breach lifecycles by months and saving millions. But attackers are just as adaptive. Phishing and impersonation powered by generative AI are already mainstream, and shadow AI is creating blind spots inside organizations that many leaders do not even know exist.

From a ThreatMon perspective, this is a critical inflection point. The findings validate why organizations need continuous monitoring, intelligence-driven defenses, and governance around AI usage. ThreatMon’s solutions can directly help address these challenges in four ways:

  1. AI-powered Threat Intelligence

    Our intelligence platform continuously tracks phishing kits, deepfake campaigns, and AI-driven attack infrastructure across the dark web. As attackers increasingly weaponize generative AI, ThreatMon helps organizations detect and anticipate these new forms of social engineering before they reach employees or customers.

  2. Shadow AI Detection and Governance

    The rise of shadow AI means unsanctioned tools are entering workflows without oversight. ThreatMon provides visibility into unauthorized AI use within the enterprise, mapping risks tied to exposed APIs, insecure plug-ins, and rogue SaaS models. By identifying and monitoring shadow AI, we reduce the chance of unexpected compromise.

  3. Faster Incident Detection and Response

    IBM’s data shows organizations that used AI extensively cut breach times by 80 days. ThreatMon’s automated monitoring, early breach detection, and real-time alerts deliver the same advantage. By surfacing actionable intelligence at speed, security teams can contain threats before they escalate into costly incidents.

  4. Resilience and Ransomware Defense

    With ransomware still costing an average of 5.08 million USD, resilience matters more than ever. ThreatMon supports organizations with ransomware-specific intelligence, law enforcement guidance, and IR playbook enhancements. Our intelligence-driven approach aligns with IBM’s recommendation to not just prevent breaches but also plan for fast recovery when they happen.

 

The bottom line: IBM’s 2025 report should serve as a wake-up call. AI will not wait for governance frameworks to catch up, and neither will attackers. ThreatMon equips organizations with the intelligence, visibility, and automation needed to not only close the AI oversight gap but to turn it into a defensive advantage. The organizations that succeed in this new era will be those that deploy AI with discipline, monitor it with rigor, and integrate threat intelligence at every stage of the breach lifecycle.
