A new report finds that the global average cost of a data breach declined in 2025, a drop it attributes largely to faster breach identification and containment driven by greater use of AI and automation in security operations. For the first time, IBM’s Cost of a Data Breach Report 2025 focuses on quantifying how rapid AI adoption is reshaping breach risk, cost, and response effectiveness across enterprises.

The global average breach cost came in at $4.44 million in 2025, down from $4.88 million in 2024. Organizations that used AI and automation extensively in security operations shortened breach lifecycles by an average of 80 days and reduced breach costs by $1.9 million compared with peers that did not.

That progress, however, is uneven and fragile. In the United States, average breach costs rose 9% year over year to $10.22 million, the highest of any region studied. Higher regulatory penalties, detection costs, and escalation expenses offset efficiency gains, underscoring how regulatory environments materially shape breach economics.

While only 13% of organizations reported breaches directly involving their AI models or applications, nearly all of those incidents — 97% — occurred in environments lacking basic AI access controls. The most common entry points were compromised AI supply chain components, including third-party apps, APIs, and plug-ins. These incidents frequently cascaded into broader data compromise and operational disruption, signaling that AI systems are becoming high-value targets even at early stages of enterprise deployment.

Governance gaps emerge as a central cost driver. Sixty-three percent of breached organizations reported having no AI governance policy or one still under development. Even among those with formal policies, approval processes, technical enforcement, and audit mechanisms remain limited. Shadow AI — unsanctioned use of AI tools by employees — has moved into the top tier of breach cost factors. One in five organizations attributed a breach to shadow AI, adding an average of $670,000 to total breach costs and increasing exposure of personally identifiable information and intellectual property across hybrid and multi-cloud environments.

Attackers are also adopting AI at scale. The report finds that one in six breaches involved AI-driven attack techniques, most commonly AI-generated phishing and deepfake impersonation. These methods reduce attacker effort while increasing success rates, compressing the time defenders have to detect and respond.

Traditional breach vectors remain costly. Malicious insider attacks produced the highest average breach cost at $4.92 million, followed closely by third-party and supply chain compromises. Phishing remained the most frequent attack vector overall. Ransomware incidents continued to carry high financial impact, averaging $5.08 million in cases where the attacker disclosed the breach, even as more organizations refused to pay ransoms.

Despite rising complexity, post-breach investment intent is declining. Fewer than half of organizations plan to increase security spending after an incident, and only a subset of those investments target AI-driven security capabilities. The data suggests a widening gap between the pace of AI adoption and the maturity of the controls designed to secure it.

Collectively, the findings position AI as a force multiplier in breach economics. When integrated into security operations, it lowers costs and accelerates response. When deployed without governance, access controls, and oversight, it introduces new systemic risk that can quickly outweigh those gains.
