| CARVIEW |
Cost of a Data Breach Report 2025
The AI oversight gap
New global research from IBM and Ponemon Institute reveals how AI is greatly outpacing security and governance in favor of do-it-now adoption. The findings show that ungoverned AI systems are more likely to be breached and more costly when they are.
The global average cost of a data breach, in USD, a 9% decrease over last year—driven by faster identification and containment.
Share of organizations that reported an AI-related security incident and lacked proper AI access controls.
Share of organizations that lacked AI governance policies to manage AI or prevent the proliferation of shadow AI.
Cost savings, in USD, from extensive use of AI in security, compared to organizations that didn’t use these solutions.
Key takeaways
Join IBM cybersecurity expert Jeff Crume as he unpacks this year’s key findings, strategic takeaways and recommendations for how you can limit risk and safeguard your AI, data, people and infrastructure.
Take action
-
Identity securityIdentity security
-
Data securityData security
-
AI oversightAI oversight
-
Security automationSecurity automation
-
Improve resilienceImprove resilience
AI and automation can fortify identity security without overburdening understaffed teams. Implementing strong operational controls for non-human identities (NHIs) and adopting modern, phishing-resistant authentication methods, such as passkeys, can significantly reduce the risk of credential abuse.
Implement strong data security fundamentals: data discovery, classification, access control, encryption and key management. Leverage AI and data security to protect data integrity and avoid compromise. These measures are essential as AI becomes both a threat vector and a security tool.
Investing in integrated security and governance solutions allows organizations to gain visibility into all AI deployments (including shadow AI), mitigate vulnerabilities, protect prompts and data and use observability tools to improve compliance and detect anomalies.
As attackers use AI for more adaptive attacks, security teams must also embrace AI technologies. AI-powered security tools and services can reduce alert volume, identify at-risk data, spot security gaps, detect breaches early and enable faster, more precise responses.
Building resilience means quick detection and containment of security issues. Effective crisis response means regularly testing incident response (IR) plans and backups, defining clear roles in the event of a breach and conducting crisis simulations.
AI and automation can fortify identity security without overburdening understaffed teams. Implementing strong operational controls for non-human identities (NHIs) and adopting modern, phishing-resistant authentication methods, such as passkeys, can significantly reduce the risk of credential abuse.
Implement strong data security fundamentals: data discovery, classification, access control, encryption and key management. Leverage AI and data security to protect data integrity and avoid compromise. These measures are essential as AI becomes both a threat vector and a security tool.
Investing in integrated security and governance solutions allows organizations to gain visibility into all AI deployments (including shadow AI), mitigate vulnerabilities, protect prompts and data and use observability tools to improve compliance and detect anomalies.
As attackers use AI for more adaptive attacks, security teams must also embrace AI technologies. AI-powered security tools and services can reduce alert volume, identify at-risk data, spot security gaps, detect breaches early and enable faster, more precise responses.
Building resilience means quick detection and containment of security issues. Effective crisis response means regularly testing incident response (IR) plans and backups, defining clear roles in the event of a breach and conducting crisis simulations.
Mixture of Experts
Suja Viswesan, Vice President, Security and Runtime Products, joins us to explore takeaways from the Cost of a Data Breach Report 2025. What do we need to know about the risk of rapid AI adoption?
Tune in to Mixture of Experts to find out!
Read our report to learn why racing to adopt AI without security and governance puts your data and reputation at risk.