IBM Report: 97% of AI-breached organizations lack security controls



U.S. breach costs increase to $10.22 million despite the global average cost of a breach decreasing to $4.44 million; only 49% of breached organizations plan to invest in security

Armonk, New York, July 30, 2025 /PRNewswire/ -- IBM (NYSE: IBM) today released its Cost of a Data Breach Report. The total number of organizations experiencing AI-related breaches is a small representation of the population studied, but this is the first time that AI security, governance and access controls have been studied in this report. This suggests that AI is already an easy, high-value target.

  • 13% of organizations reported a breach of AI models or applications, while 8% reported not knowing whether they had been compromised in this way.
  • Of those compromised, 97% report that AI access controls were not in place.
  • As a result, 60% of the AI-related security incidents led to data breaches and 31% led to operational disruption.

This year's results show that organizations are bypassing AI security and governance in favor of adopting AI now. Ungoverned systems are more likely to be breached, and more costly when they are.

“The data shows that there is already a gap between AI adoption and surveillance, and threat actors are beginning to exploit it,” said Suja Viswesan, vice president of security and runtime products at IBM. “This report reveals the lack of basic access controls for AI systems, revealing that highly sensitive data and models are vulnerable to operations. As AI is deeply embedded within the entire business operation, AI security must be treated as a foundation.”

However, the report also found that organizations using AI and automation extensively throughout their security operations saved an average of $1.9 million in breach costs and shortened the breach lifecycle by an average of 80 days.

The 2025 report, sponsored and analyzed by the Ponemon Institute, is based on data breaches experienced by 600 organizations worldwide from March 2024 to February 2025. Key findings on AI security and breaches, the financial cost of a breach, and operational disruption include:

Breaches and the AI era

  • AI governance policies. 63% of breached organizations either have no AI governance policy or are still developing one. Of the organizations that have AI governance policies in place, only 34% perform regular audits for unauthorized AI.
  • The cost of shadow AI. One in five organizations reported a breach due to shadow AI, and 37% have policies to manage AI or detect shadow AI. Organizations that used high levels of shadow AI observed an average of $670,000 in higher breach costs than those with a low level of shadow AI or none. Security incidents involving shadow AI led to more personally identifiable information (65%) and intellectual property (40%) being compromised than the global average (53% and 33%, respectively).
  • Smarter attacks with AI. 16% of the breaches studied involved attackers using AI tools, most often for phishing or deepfake impersonation attacks.

The financial cost of a breach

  • Data breach costs. The global average cost of a data breach fell to $4.44 million, the first decline in five years, while the average U.S. breach cost reached a record $10.22 million.
  • Global breach lifecycle hits a record low. The global average breach lifecycle (the average time to identify and contain a breach, including restoring services) fell to 241 days. Organizations that detected the breach internally also observed $900,000 in savings on breach costs compared to breaches disclosed by an attacker.
  • Healthcare breaches are still the most expensive. Averaging $7.42 million, healthcare breaches remained the most expensive of all industries studied, even though the sector saw a $2.35 million reduction in costs compared to 2024. Breaches in this sector take the longest to identify and contain, at 279 days. This is more than five weeks longer than the global average of 241 days.
  • Ransom payment fatigue. Last year, organizations pushed back against ransom demands, with more choosing not to pay (63%) compared to the previous year (59%). Even as more organizations refuse to pay ransoms, the average cost of an extortion or ransomware incident remains high, especially when disclosed by an attacker ($5.08 million).
  • Security investments stall as AI risks increase. The number of organizations that said they plan to invest in security following a breach dropped significantly: 49% in 2025, compared to 63% in 2024. Less than half of those planning to invest in security post-breach will focus on AI-driven security solutions or services.

The long tail of a breach: operational disruption

According to the 2025 IBM report, almost every organization studied suffered operational disruption following a data breach. This level of disruption is taking a toll on recovery timelines. Of the organizations reporting recovery, most took more than 100 days on average.

However, the consequences of a breach continue to extend beyond containment. Although this is a decline from the previous year, nearly half of all organizations reported planning to raise prices for goods or services because of the breach, and nearly a third reported price increases of 15% or more.

About the Cost of a Data Breach Report

The Cost of a Data Breach Report has investigated nearly 6,500 data breaches over the past 20 years. Since the first report in 2005, the nature of breaches has evolved dramatically. At the time, the risk was primarily physical. Today, the threat landscape is overwhelmingly digital and increasingly targeted, with breaches driven by a spectrum of malicious activity.

With the growing pace of enterprise AI adoption, this year's Cost of a Data Breach research studied, for the first time, the state of AI security and governance, the types of data targeted in AI security incidents, the breach costs associated with AI-driven attacks, and the prevalence and risk profile of shadow AI (unregulated AI). Historical findings from past reports include:

  • 2005: Almost half (45%) of all data breaches were caused by lost or stolen computing devices such as laptops and thumb drives. 10% of breaches were due to hacked electronic systems.
  • 2015: Cloud misconfigurations were not even classified as a threat, but today they are a main target.
  • 2020: Ransomware began to surge, and by 2021 it accounted for an average of $4.62 million in breach costs. This year, that number reached an average of $5.08 million (when the incident is disclosed by the attacker).
  • 2025: AI, which was first included in this year's research, is quickly emerging as a high-value target.

Additional sources:

  • For more information, download a copy of the 2025 Cost of a Data Breach Report.
  • Sign up for the 2025 IBM Cost of a Data Breach webinar at 11:00am on Wednesday, August 13th, 2025.
  • For more details on the report's top findings, see the IBM blog.

About IBM
IBM is a leading global provider of hybrid cloud, AI and consulting expertise. We help clients in over 175 countries leverage insights from their data, streamline business processes, reduce costs and gain a competitive edge in their industries. Thousands of government and business institutions in critical infrastructure areas such as financial services, telecommunications, and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to carry out their digital transformations quickly, efficiently and securely. IBM's groundbreaking innovations in AI, quantum computing, industry-specific cloud solutions and consulting provide clients with open and flexible options. All of this is supported by IBM's long-standing commitment to trust, transparency, responsibility, inclusivity and service. For more information, please visit www.ibm.com.

Media Contact:

IBM
Michele Brancati
mbrancati@ibm.com

View original content and download multimedia: https://www.prnewswire.com/news-releases/ibm-report-13-of-ganizations—-breaks-of-ai-models- or applications-of-of- which-reported lacked-lacking-racking-proper-ccess-30251664.html

Source IBM


