AI breaches push data leak costs to new heights despite global decline

The global cost of a data breach dropped to $4.44 million, yet AI-related incidents are becoming more severe and harder to contain.
IBM’s 2025 report shows AI adoption is far outpacing oversight, with 13% of organisations already facing breaches in models or applications.

IBM’s 2025 Cost of a Data Breach Report revealed a sharp gap between rapid AI adoption and the oversight needed to secure it.

Although the global average data breach cost fell slightly to $4.44 million, security incidents involving AI systems remain more severe and disruptive.

Around 13% of organisations reported breaches involving AI models or applications, while 8% were unsure whether they had been compromised.

Alarmingly, nearly all AI-related breaches occurred without access controls, leading to data leaks in 60% of cases and operational disruption in almost one-third. Shadow AI (unsanctioned or unmanaged systems) played a central role, with one in five breaches traced back to it.

Organisations without AI governance policies or detection systems faced significantly higher costs, especially when personally identifiable information or intellectual property was exposed.

Attackers increasingly used AI tools such as deepfakes and phishing, with 16% of studied breaches involving AI-assisted threats.

Healthcare remained the costliest sector, with an average breach price of $7.42 million and the most extended recovery timeline of 279 days.

Despite the risks, fewer organisations plan to invest in post-breach security. Only 49% intend to strengthen defences, down from 63% last year.

Even fewer will prioritise AI-driven security tools. With many organisations also passing costs on to consumers, recovery now often includes long-term financial and reputational fallout, not just restoring systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!