AI Tools Detect Breaches Quicker but Shadow AI Causes Breaches, Too

The global average of costs stemming from a data breach is coming down, a possible testament to quicker detection and containment. Whatever the cause, it doesn’t apply in the United States, where breach victims reported another year of escalating costs from cleaning up the aftermath of a breach.
Researchers behind an annual survey published by IBM tracking data breach costs pegged the average monetary hit of a breach as $4.44 million, down from an all-time high of $4.9 million last year and very slightly less than the $4.5 million reported in 2023.
The picture is different in the U.S., where breach victims reported average costs of $10.22 million, up from $9.36 million the previous year. The average cost of a breach was also high in the Middle East, averaging $7.29 million, while firms in Australia, India and South Africa reported an average cost of less than $3 million, with Brazil reporting only $1.22 million.
IBM partially attributed the faster detection and containment reported by breach victims to artificial intelligence tools. But AI also creates risk: the firm’s newest “Cost of a Data Breach” report identifies a surge in data breaches stemming from employees’ use of shadow AI tools. Breaches involving those “high-value target” tools tend to expose more personally identifiable information and intellectual property than other types of breaches.
The report, published Wednesday, is based on research conducted by Ponemon Institute, which surveyed 600 organizations across 17 industries in 16 countries and regions, that suffered a data breach between March 2024 and February 2025.
The average breach life cycle – defined by IBM as “the mean time to identify and contain a breach,” including restoring services – fell from 268 days last year to 241 days this year. More organizations detected the breach themselves rather than being notified by a third party, and internal detection correlated with both faster detection and an average of $900,000 less spent on response.
Researchers defined a data breach “as an event in which records containing PII, financial or medical account details, or other secret, confidential or proprietary data are potentially put at risk.”
Nearly every organization that suffered a breach reported experiencing operational disruptions, with recovery taking an average of more than 100 days.
The greatest proportion of breached businesses surveyed are U.S.-based, comprising 11% of all organizations interviewed, followed by organizations based in India at 9%, the U.K. and Brazil at 8%, and Germany, Japan and the Middle East at 7%. The top four industries surveyed – financial, industrial, professional services and technology – accounted for 47% of the 600 organizations studied.
Nearly half of breached businesses expected to pass incident response costs on to consumers by raising the price of their goods or services, down from 65% last year, the study says. One-third of organizations said they planned to raise prices by 15% or more. Costs include a range of direct expenses, such as bringing in digital forensic experts, contracting with hotline support and credit monitoring services. Indirect costs can include in-house investigation resources and communicating with senior executives and boards, as well as potential losses due to reputational damage.
Shadow AI and Ransomware
This year’s study, which is the first time IBM investigated AI security and governance, found one in five organizations reported a breach that traced to shadow AI, meaning it was being used without employer approval or oversight. Despite this risk, only 37% of respondents reported having policies either to locate or manage shadow AI.
The study found two-thirds of organizations don’t have an AI governance process in place, and of those that do, only one-third conduct regular policy compliance audits.
“The data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it,” said Suja Viswesan, IBM’s vice president for security and runtime products.
Organizations with a relatively high level of shadow AI use reported average breach costs that were $670,000 higher than the norm. Shadow AI breaches also exposed PII in 65% of cases and intellectual property in 40% of cases, compared to global averages of 53% and 33%, respectively.
Many AI systems don’t appear to be well secured. “The report revealed a lack of basic access controls for AI systems, leaving highly sensitive data exposed and models vulnerable to manipulation,” Viswesan said. “As AI becomes more deeply embedded across business operations, AI security must be treated as foundational. The cost of inaction isn’t just financial, it’s the loss of trust, transparency and control.”
IBM’s study said most breaches trace to malicious incidents, including phishing, rogue insiders and ransomware. The study didn’t quantify how many organizations suffered a breach due to ransomware, but when they did, they reported average breach costs of $5.08 million, up from $4.62 million last year. More organizations said they declined to pay a ransom: 63% this year, up from 59% last year.
Last year, IBM reported that organizations that involved law enforcement reported seeing lower breach costs as a result. Even so, only 40% of organizations this year involved law enforcement, down from 53% last year.
Historically, breaches have driven many businesses to overhaul their cybersecurity strategy. Last year, 63% of respondents to IBM’s study said they planned to increase their post-breach security investments; this year that figure fell to 49%.
