How AI is Changing Cybersecurity

August 07, 2025

The cost of data breaches declined last year, but the rise of artificial intelligence is creating new challenges.

IBM’s annual “Cost of a Data Breach” report highlights how AI utilization is “greatly outpacing security and governance in favor of do-it-now adoption.”  Health care remained the most expensive sector for breaches, the report noted.

"The data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it," said Suja Viswesan, vice president, security and runtime products, IBM, in a statement. "The report revealed a lack of basic access controls for AI systems, leaving highly sensitive data exposed, and models vulnerable to manipulation.”

Here are a few key takeaways:

• Good news:  Globally, the cost for the average data breach declined to $4.44 million, a 9 percent decrease.
  •  Faster identification and containment of branches contributed to the decline.
  • The lifecycle to identify, contain, and restore services after a breach dropped to 241 days, a 17-day reduction.
• In the U.S.:  Costs in the U.S. alone surged 9 percent to $10.22 million, an all-time high.
  • IBM attributed the higher costs to “higher regulatory fines and higher detection and escalation costs.”
• Health care perspective:  Health care breaches were the most expensive across all studied industries, averaging $7.42 million. The lifecycle of these breaches was five weeks longer than the global average.
  • This sector is still most expensive for breaches despite a $2.35 million reduction in costs compared to 2024.
• Rise of AI:  About 13 percent of organizations reported breaches related to AI models or applications.
  • Nearly all of those organizations (97%) reported they did not have AI access controls in place.
• Quotable:  “As AI becomes more deeply embedded across business operations, AI security must be treated as foundational,” Viswesan said. “The cost of inaction isn't just financial, it's the loss of trust, transparency and control."

Additional information about the report is available online.