Reduction in Global Data Breach Costs Attributed to AI and Automation in Last Five Years
In the digital age, the cost of a data breach continues to be a significant concern for organizations worldwide. The Cost of a Data Breach Report 2025, recently released, provides insights into the current trends and challenges in this area.
One notable finding is a decline in the global average cost of a data breach by 9%, to USD 4.44 million. This decrease is attributed to a quicker containment of breaches, linked to the increased use of AI and automation in security. However, the report also highlights that the global average cost does not reflect the experience of all countries, particularly the United States.
In the US, the average cost of a data breach has risen by 9% to a new record of USD 10.22 million. This increase is not explained by the report, but factors such as the rising costs of detection and higher regulatory fines may contribute.
The increased use of AI in security is not without its challenges. The report reveals a significant "AI oversight gap," where 97% of breached organizations with AI-related incidents lack proper AI access controls, and 63% of organizations have no AI governance policies to manage AI use or shadow AI (unapproved AI tools used by employees). This lack of governance leads to costly security breaches, with shadow AI contributing an additional average cost of USD 670,000 per breach.
AI is both an enabler and a threat in cybersecurity. On the threat side, AI-powered attacks are increasingly sophisticated, adaptive, and automated, making them harder to detect and mitigate by traditional defenses. For example, generative AI is used by attackers to produce convincing phishing emails, malware that evades detection, and sophisticated social engineering such as deepfakes.
On the governance side, a critical challenge is defining clear AI policies and rules for data usage, privacy, and AI model deployment. Failure to integrate AI governance with cybersecurity frameworks leaves organizations exposed to intellectual property theft, large-scale breaches, and operational failure during AI workload disruptions.
The healthcare industry continues to face the highest average breach costs at USD 7.42 million, due to the high value of compromised patient personal identification information (PII). Customer PII is the most commonly compromised data, but intellectual property is the most expensive per record, costing USD 178.
Interestingly, a majority of breached organizations (63%) either do not have an AI governance policy in place or are still in the process of developing one. This is a concern, as more organizations are refusing to pay the ransom in ransomware attacks (63% in 2025), but the average cost of a ransomware attack remains high at USD 5.08 million.
In summary, current trends emphasize the dual role of AI in cybersecurity as both a transformative defense tool and an evolving attack vector. The core governance challenges revolve around establishing robust AI access controls, formal policies to manage AI use and shadow AI, and integrating these into broader organizational cybersecurity strategies to mitigate escalating risks and high breach costs in 2025.
- In the healthcare industry, the average cost of a data breach remains high at USD 7.42 million, reflecting the high value of compromised patient personal identification information (PII).
- The Cost of a Data Breach Report 2025 indicates that the global average cost of a data breach has decreased by 9%, to USD 4.44 million, attributed to faster breach containment due to increased AI and automation use in security.
- A significant finding in the report is a "AI oversight gap," where 97% of breached organizations with AI-related incidents lack proper AI access controls, and 63% of organizations have no AI governance policies to manage AI use or shadow AI, leading to costly security breaches.
