We’ve reached a moment where AI is materially changing how breaches happen and how much they cost. IBM’s 2025 Cost of a Data Breach report shows the clearest signal yet: AI-driven security is lowering breach costs through faster containment, while ungoverned AI and shadow tools are quietly driving costs up. The balance between benefit and risk is shifting fast. What leaders choose to prioritize now—AI governance, investment, and oversight—will define the future of cybersecurity outcomes.
The Breach Cost Equation: 6 Factors That Matter
Speed, savings, and systems you didn’t approve
- Breach costs are falling globally, but not everywhere.
The global average breach cost fell 9% from last year, thanks in large part to faster detection and containment, driven by AI security and automation. But not every region saw relief.
In the United States, breach costs increased to $10.22 million, the highest ever recorded in any region. Steeper regulatory fines and higher detection costs drove the spike, bucking the global trend.
- AI reduces breach costs but also introduces new attack vectors.
Security teams that used AI and automation extensively reported $1.9 million in cost savings and 80 fewer days to detect and contain a breach compared to those that didn’t. But attackers are leveraging AI too. One in six breaches involved an AI-driven attack, often in the form of phishing (37%) or deepfake impersonation (35%).
- Shadow AI has overtaken the skills gap as a top breach risk.
This year, 20% of organizations reported breaches involving shadow AI—unsanctioned AI tools or models deployed without oversight. These breaches added an average of $670,000 to breach costs, and most often compromised customer personally identifiable information (PII) (65%) and intellectual property (40%).
- Organizations are adopting AI without the oversight to secure it.
Despite rising adoption, governance has not kept pace. 63% of breached organizations had no AI governance policies in place. Even among those that did, only 34% conducted regular audits to detect unsanctioned AI activity.
- Post-breach investment in AI security remains low despite its impact.
Only 49% of breached organizations said they planned to increase security investments. That’s down significantly from 63% in 2024. Among those who will invest, less than half said they would focus on AI-driven security tools.
- Healthcare breaches cost more and take longer to resolve.
For the 14th year in a row, healthcare recorded the highest average breach cost at $7.42 million, despite a year-over-year decrease. Breaches in this sector also took the longest to detect and contain—279 days, five weeks longer than the global average.
The Bottom Line
AI is fundamentally reshaping the economics of cyber risk, reducing breach costs where it’s used effectively and driving them up where it’s mismanaged or ignored. IBM’s research underscores the need for AI adoption, AI governance, visibility, and secure-by-design deployment practices.
Explore these IBM insights and more in the complete IBM 2025 Cost of a Data Breach report here: www.ibm.com/reports/data-breach.