US breach costs rise to $10.22 million despite the global average cost of a breach decreasing to $4.44 million; only 49% of compromised organizations plan to invest in security
IBM has released its Cost of a Data Breach Report, which reveals that AI adoption is far outpacing AI security and governance. The organizations that experienced an AI-related breach are a small share of the population studied, but this is the first time the report has examined AI security, governance and access controls. The findings suggest that AI is already an easy, high-value target.
- While 13% of organizations reported breaches of AI models or applications, 8% reported not knowing whether they had been compromised in this way.
- Of those compromised, 97% report that AI access controls were not in place.
- As a result, 60% of AI-related security incidents led to data breaches, and 31% caused operational disruption.
This year's results show that organizations are bypassing AI security and governance in favor of immediate adoption. An ungoverned system is likely to be compromised, and when it is, the breach is even more expensive.
“This data shows that there is already a gap between AI adoption and surveillance, and threat actors are beginning to exploit it,” said Suja Viswesan, vice president of security and runtime products at IBM. “This report reveals the lack of basic access controls in AI systems, revealing that highly sensitive data and models are vulnerable to operations. As AI is embedded deep within the entire business operation, AI security must be treated as a foundation. It is not just a loss of trust, transparency and control, as well as the cost of omission.”
However, the report found that organizations using AI and automation extensively throughout their security operations saved an average of $1.9 million in breach costs and shortened the breach lifecycle by an average of 80 days.
The 2025 report, conducted by the Ponemon Institute and sponsored and analyzed by IBM, is based on data breaches experienced by 600 organizations around the world from March 2024 through February 2025. Here are the key findings from the report on AI security and breaches, the financial costs of a breach, and operational disruption:
Breaches in the AI era
- AI governance policies. 63% of breached organizations either do not have an AI governance policy or are still developing one. Of the organizations that have AI governance policies, only 34% conduct regular audits for unauthorized AI.
- Shadow AI costs. One in five organizations reported a breach caused by shadow AI, and only 37% have a policy to manage AI and detect shadow AI. Organizations with high levels of shadow AI saw breach costs an average of $670,000 higher than those with low levels or no shadow AI. Security incidents involving shadow AI also compromised more personally identifiable information (65%) and intellectual property (40%) than the global average (53% and 33%, respectively).
- Smarter attacks with AI. 16% of the breaches studied involved attackers using AI tools, mostly for phishing and deepfake spoofing attacks.
Financial costs of a breach
- Data breach costs. The global average cost of a data breach fell to $4.44 million, the first decline in five years, while the average cost of a breach in the US reached a record $10.22 million.
- The global breach lifecycle reached a record low. The global average breach lifecycle (the average time to identify and contain a breach, including restoring services) fell to 241 days. Organizations that detected the breach internally also saved $900,000 in breach costs compared to those whose breach was disclosed by the attacker.
- Healthcare breaches are still the most expensive. Averaging $7.42 million, healthcare breaches remained the most expensive among all industries studied, even though the sector saw a $2.35 million reduction in cost compared to 2024. Breaches in this sector take the longest to identify and contain, at 279 days. This is more than five weeks longer than the global average of 241 days.
- Ransom payment fatigue. Last year, organizations pushed back against ransom demands, with more choosing not to pay (63%) compared to the previous year (59%). Even as more organizations refuse to pay ransoms, the average cost of an extortion or ransomware incident remains high, especially when disclosed by an attacker ($5.08 million).
- Security investments stall as AI risks increase. The share of organizations planning to invest in security following a breach fell significantly, to 49% in 2025, down from 63%.
The long tail of a breach: operational disruption
According to the 2025 IBM report, almost every organization studied suffered operational disruption following a data breach. This level of disruption is taking a toll on recovery timelines. Of the organizations that reported recovering, most took more than 100 days on average.
The consequences of a breach also continue to extend beyond containment. Although the figure declined compared to the previous year, nearly half of all organizations reported plans to raise the prices of goods or services because of the breach, with nearly a third reporting price increases of more than 15%.

