August 8, 2025
The landscape of cybersecurity threats continues to evolve rapidly and expensively. IBM’s Cost of a Data Breach Report 2025, based on research from the Ponemon Institute, dives deep into breach patterns from over 600 organizations affected between March 2024 and February 2025. Drawing on insights from over 3,000 executives worldwide, the 20th edition of IBM’s annual report highlights rising threats, the role of AI in both defense and offense, and the increasing cost of inaction.
Here are five key takeaways from IBM’s cost of data breach report 2025.
5 Key Takeaways from IBM’s Cost of Data Breach Report 2025
1. AI Is Both a Cybersecurity Ally and an Emerging Target
Organizations that deployed AI and automation in their cybersecurity stack were able to reduce breach lifecycles by 80 days on average, compared to those without such tools. This faster containment saved these organizations an average of $1.9 million per breach.
AI-powered threat detection and response tools are helping security teams respond faster and more efficiently, especially as breach attempts become more sophisticated and persistent. Faster containment limits the extent of data exposure and potential financial penalties.
However, 13% of organizations reported breaches of AI models or applications. More alarming still, 97% of those breaches involved AI systems that lacked proper access controls. As AI is increasingly integrated into operations, it also becomes a high-value target for attackers. Without strong controls, AI models can be manipulated or exposed, leading to compromised decision-making systems and sensitive data leakage.
According to IBM’s cost of data breach report 2025, 63% of breached organizations said they either lacked an AI governance policy or were still developing one. Of the remaining 37%, only 34% perform regular audits to detect unauthorized AI use. A major governance gap exists between AI adoption and oversight. The failure to track and secure AI systems leaves organizations open to new classes of cyber threats — including model poisoning, unauthorized inference, and data leaks.
2. Phishing Surges as Top Initial Attack Vector
Phishing accounted for 16% of initial attack vectors, overtaking stolen credentials as the most common method used by attackers to gain system access. Phishing remains a cost-effective and scalable method for attackers to deceive users. Its effectiveness has surged with the help of generative AI, which produces highly convincing phishing emails in a fraction of the time.
The average cost of a phishing-related breach was $4.8 million, making it one of the costliest types of attack vectors. These attacks often lead to significant credential compromise and unauthorized access, resulting in widespread data theft and regulatory consequences.
Supply chain compromise became the second most common initial vector at 15%, and tied for the second costliest at $4.91 million per breach. Attackers are exploiting weaknesses in third-party relationships to infiltrate target organizations. These breaches are complex to investigate, harder to contain, and often involve multiple systems and jurisdictions.
3. Shadow AI Is Driving Up Breach Costs and Complexity
According to IBM’s cost of data breach report 2025, 20% of respondents said they experienced a breach caused by incidents involving shadow AI — the use of unauthorized or unmanaged AI tools. Employees or departments may deploy AI without IT oversight, unintentionally exposing the organization to risks such as poor access control, data leakage, or compliance violations.
Breaches involving shadow AI added an average of $670,000 in cost per incident compared to those with little or no shadow AI presence. These unmonitored systems increase attack surfaces and result in longer detection and response times, ultimately inflating costs and regulatory exposure.
Shadow AI-related breaches compromised 65% more personally identifiable information (PII) and 40% more intellectual property (IP), and typically involved multi-environment storage. Shadow AI systems often operate outside of approved IT infrastructure, and when breached, expose highly valuable data across hybrid or distributed environments, making containment difficult.
4. Storage Location Greatly Impacts Breach Risk and Cost
According to IBM’s cost of data breach report 2025, 30% of all breaches involved data stored across multiple environments — including on-premises, private cloud, and public cloud. That’s down from 40% the year before. While slightly less common than last year, multi-environment data breaches remain costly due to their complexity and the number of systems involved in remediation efforts.
These multi-environment breaches cost organizations an average of $5.05 million, making them the most expensive breach type by storage location. Distributed data environments complicate visibility, access control, and forensics. This makes detection and containment more difficult, often requiring third-party investigations and extended downtime.
Breaches involving on-premises storage rose sharply from 20% to 28% year over year, with an average cost of $4.01 million per incident. While cloud security tends to be more scrutinized, many organizations still underestimate the vulnerabilities of legacy on-prem systems, particularly those lacking modern patching and monitoring mechanisms.
5. U.S. Breach Costs Hit Record Highs — Healthcare Still Suffers Most
The global average cost of a data breach fell for the first time in five years to $4.44 million, indicating modest progress in incident response and containment. This drop suggests that broader adoption of AI-driven defense tools and automation is paying off for some organizations globally — although regional and sectoral disparities persist.
In stark contrast, the average cost in the U.S. surged to $10.22 million, driven by higher regulatory fines and more complex detection and escalation costs. Strict compliance mandates (like HIPAA, CCPA, and SEC disclosure rules), coupled with high-value data exposure, contribute to the U.S. leading the world in breach-related financial impact.
For the 14th year in a row, healthcare breaches were the most expensive, with an average cost of $7.42 million. These breaches also took the longest to identify and contain, averaging 279 days. Healthcare data — such as medical histories, insurance IDs, and personal identifiers — is incredibly valuable on the black market. The complexity and interconnectivity of hospital IT systems make them hard to secure and quick to crumble under attack.
AI Governance and Identity Security Are Non-Negotiable
IBM’s key recommendation centers on identity and access management (IAM). With both human and AI users relying on credentials, organizations must prioritize:
- Credential vaulting for all users (human and non-human)
- Access visibility into AI agents and automated systems
- Policy enforcement for shadow AI detection and usage
- Regular audits of AI systems and data access logs
Organizations should also invest in AI governance frameworks, not only for compliance but also to protect intellectual property, brand integrity, and customer trust. “The cost of inaction isn’t just financial,” said Suja Viswesan, Vice President of IBM Security. “It’s the loss of trust, transparency and control.”
Conclusion:
IBM’s Cost of a Data Breach Report 2025 paints a clear picture: while technological innovation — especially AI — has the power to transform cybersecurity, it also introduces new vulnerabilities. Organizations must strike a balance between rapid AI adoption and strong oversight.
Faster breach detection and response, strong IAM practices, and AI security audits are no longer optional. With average breach costs in the millions and reputations at stake, proactive security investment now will yield returns in resilience, compliance, and trust.
Which of these findings shocked you the most from IBM’s cost of data breach report 2025? Share it with us in the comments section below.

