Excerpt from PR Newswire Article, Published on July 30, 2025
In its latest Cost of a Data Breach Report, IBM unveils a striking disconnect: while enterprise AI adoption accelerates, security and governance are lagging seriously behind. The study, based on data breaches experienced by 600 organizations globally from March 2024 through February 2025, marks the first time IBM has rigorously examined security, governance, and access controls specific to AI environments.
IBM’s findings are alarming for any organization leveraging AI. According to the report, 13% of surveyed organizations experienced breaches involving AI models or applications, and another 8% aren’t sure whether they have been similarly compromised. Even more startling, 97% of those hit by an AI-related breach reported lacking proper AI access controls at the time of the incident.
The consequences of these lapses are not trivial. Sixty percent of incidents led to compromised data, and nearly a third resulted in operational disruption. This report underscores a risky trend: as AI becomes deeply embedded in critical business operations, many organizations are skipping essential governance and security in favor of rapid deployment. As seen in other previous IBM research, ungoverned systems are not only more likely to be breached, but also prove far costlier to recover.
Shadow AI—unauthorized or unsanctioned use of AI within organizations—further drives up risk and costs. Businesses that encountered breaches linked to shadow AI faced an average of $670,000 more in breach expenses, with higher rates of compromised personally identifiable information and intellectual property.
Despite these findings, only 49% of impacted organizations plan to invest in security measures. Less than half of those intend to target AI-driven safeguards, even as threat actors increasingly deploy AI for sophisticated phishing and deepfake attacks.
IBM’s report makes it clear: AI can dramatically improve efficiency and performance, but unless security and governance are built in from the start, organizations risk not just financial loss, but the erosion of trust and control.
To delve deeper into this topic, read the PR Newswire Article.
