IBM Report: 13% of Firms Suffer AI Breaches Due to Poor Controls

IBM's 2025 report reveals 13% of organizations suffered AI system breaches, with 97% lacking proper access controls. Global breach costs fell to $4.44M but US costs hit $10.22M. Only 49% of breached firms plan security investments.


AI Security Crisis Exposed

IBM's 2025 Cost of a Data Breach Report reveals critical security gaps in AI implementation across organizations. The study found that 13% of companies experienced breaches targeting AI models or applications, with 97% of compromised organizations lacking proper access controls.

Key Findings

Among affected organizations, 60% suffered data compromise while 31% faced operational disruption. The research highlights a dangerous trend where AI adoption outpaces security governance: 63% of breached entities either lack AI governance policies or have incomplete frameworks.

Shadow AI Threat

One in five organizations reported breaches from unauthorized "shadow AI" usage. Companies with high shadow AI usage incurred $670,000 higher breach costs on average. Attackers increasingly weaponize AI too, with 16% of breaches involving AI-powered phishing or deepfakes.

Financial Impact and Response

While global breach costs decreased to $4.44 million, US costs hit a record $10.22 million. Healthcare remains the most expensive sector at $7.42 million per breach despite a $2.35 million year-over-year reduction.

Concerning Security Trends

Only 49% of breached organizations plan security investments post-incident, a significant drop from 63% in 2024. Among those investing, fewer than half prioritize AI-driven security solutions. Ransomware costs remain high at $5.08 million when attackers disclose incidents.

Operational Consequences

Nearly all breached companies experienced operational disruption, with recovery typically exceeding 100 days. Nearly half of organizations increased product/service prices due to breaches, with 31% implementing hikes of 15% or more.

Historical Context

This 20th anniversary report shows how breach causes evolved from physical device loss (45% in 2005) to sophisticated AI-targeted attacks today. The global breach lifecycle improved to 241 days, 17 days faster than in 2024.
