Key Takeaways from IBM’s 2025 Cost of a Data Breach Report

For 20 years, IBM’s Cost of a Data Breach Report has been one of the industry’s most trusted sources on the financial and operational impact of security incidents. Each edition provides a rare combination of breadth, spanning hundreds of breaches across industries and geographies, and depth, translating complex technical realities into metrics that security and business leaders can act on.
This year’s report breaks new ground by tracking AI-related security incidents for the first time. Given recent headlines, that decision feels both timely and necessary. AI is now deeply embedded in business processes, from customer service and product development to decision-making and analytics. Yet, as IBM’s data shows us, adoption is far outpacing oversight.
Globally, breach costs fell to $4.44 million for the first time in five years, while in the United States they rose to a record $10.22 million, driven by regulatory fines and detection costs. That contrast highlights how weak governance can turn AI adoption into a multiplier of both financial and operational risk.
AI Security Incidents Are Already Here
AI-related incidents remain a smaller share of breaches overall, but they are no longer hypothetical. IBM's 2025 report found that 13 percent of organizations experienced a security incident involving their AI models or applications. In 97 percent of those cases, the systems lacked proper access controls, a gap that was entirely preventable.
Another 8 percent of breached organizations were not sure whether their incident involved AI at all, which points to how limited visibility still is.
The most common impacts were:
1. Unauthorized access to sensitive data (31%)
2. Operational disruption (31%)
3. Loss of data integrity (29%)
4. Financial loss (23%)
5. Reputational damage (17%)
Attackers are also using AI as a force multiplier. Sixteen percent of breaches involved adversaries leveraging generative AI, most often for:
- AI-generated phishing (37%)
- Deepfake impersonation (35%)
These capabilities compress the time needed to execute convincing social engineering, shrinking hours of effort into minutes while increasing believability. The result is an environment where organizations must match attacker speed with equally adaptive detection and response.
Across IBM’s data, AI-related incidents stem from a mix of governance failures and diverse attack types. Three dimensions of risk stand out: shadow AI, AI-driven attacks, and AI supply chain compromise.
Shadow AI: Hidden Costs and Exposures
Shadow AI, which is defined as AI tools or models deployed without approval, was present in 20% of breaches. These incidents added an average of $670K to breach costs, showing how unmonitored adoption directly translates into financial risk.
The data profile of these breaches looked different from the global baseline:
1. Customer PII was compromised in 65% of shadow AI breaches, compared to 53% overall.
2. Intellectual property was exposed in 40%, also higher than average.
3. Data was most often spread across multiple environments and the public cloud, which made 62% of shadow AI breaches harder to contain.
4. Containment was slower as well: detection and remediation took about a week longer than the global average, adding roughly $200K in cost.
Shadow AI is not a fringe issue. It drives up costs, broadens exposure to sensitive data, and stretches response timelines. The parallels to shadow IT are obvious, but the velocity of AI adoption makes the problem more acute.
AI Supply Chain Compromise – the Top AI Exploit
AI supply chain compromise emerged as the leading cause of AI-related breaches, accounting for 30% of incidents.
These attacks target the connective tissue of modern AI systems—apps, APIs, and plug-ins linked to models and applications—where trust relationships are easy to exploit.
The risks are amplified because:
1. Interconnected dependencies: AI systems rely on a web of third-party components, libraries, and integrations. A compromise anywhere in that chain can propagate to the core system.
2. High-value consequences: About one-third of affected organizations suffered operational disruption (31%), unauthorized access to sensitive data (31%), or loss of data integrity (29%).
3. Shared vulnerabilities across environments: These compromises often intersect with multi-environment deployments, widening the blast radius of an attack.
4. Third-party concentration: IBM found most AI incidents originated with external vendors, with SaaS-delivered AI responsible for 29% of reported cases.
Other AI-specific attack types ranked lower in frequency: model inversion (24%), model evasion (21%), prompt injection (17%), and data poisoning (15%).
The concentration of incidents in the supply chain signals that attackers see the greatest leverage where AI connects outward, through APIs, integrations, and services that often fall outside direct organizational control.
AI Magnifies Old Risks
One of the most striking findings from the report is that AI does not introduce wholly new categories of risk. Instead, it amplifies existing ones. Shadow IT has long been a source of hidden exposure. Shadow AI repeats the pattern at higher speed and with broader consequences.
The report quantifies that effect:
- Organizations with high levels of shadow AI saw average breach costs rise to $4.74M, compared to $4.07M for those with little or none, a $670K increase.
- Breaches involving shadow AI stretched longer, taking about a week more to detect and contain, adding another $200K in cost.
- Customer PII appeared in 65% of shadow AI breaches, compared to 53% across all breaches.
The inverse is also true. When AI is integrated into security programs with governance and automation, it drives costs down:
- Extensive use of AI and automation in security lowered average breach costs by $1.9M and shortened the breach lifecycle by 80 days.
- Organizations not using these tools paid $5.52M per breach, compared to $3.62M for those with extensive use.
AI is a force multiplier on both sides. Left ungoverned, it increases cost, widens exposure, and slows response. Applied deliberately in defense, it accelerates detection, containment, and resilience.