Monday, September 8, 2025

2025 IBM Report: What You Should Know about True Cost of Data Breaches

The Cost of Data Breach Report 2025 by IBM revealed some crucial insights that organisations cannot afford to ignore. According to the report, the average cost of a data breach worldwide decreased by 9% to $4.44 million.

However, the United States saw a 9% increase in breach costs, reaching $9.10-$9.22 million.

Globally, a data breach costs around $4.44 million on average, although the United States faces significantly higher expenses. Identifying and containing a breach takes approximately 241 days, with most of that time spent on detection.

The study also highlighted the growing concern of artificial intelligence in data breaches, with 13% of organisations experiencing AI-related breaches due to the rapid adoption of AI outpacing its security and governance.

Furthermore, the issue of ‘Shadow AI’ was prominent, with 20% of organisations having unauthorised AI implementations that contribute to breach costs.

These findings underline the need for organisations to prioritise robust security measures and effective governance to mitigate the risks associated with data breaches and AI adoption.

Data breaches can occur due to various factors, and understanding these causes is crucial for organisations to protect themselves. One major cause is insider threats, where individuals with authorised access to an organisation’s systems intentionally or unintentionally compromise data security.

These threats can be particularly damaging because insiders often have intimate knowledge of the organisation’s systems and can exploit this knowledge to inflict maximum damage.

Another significant contributor to breach costs is third-party risk, which arises when external parties, such as vendors or partners, have access to an organisation’s systems or data. If these third parties have inadequate security measures in place, they can become a vulnerability that hackers can exploit.

Phishing attacks are also a common cause of data breaches, accounting for 16% of breaches. Phishing involves tricking individuals into revealing sensitive information, such as login credentials or financial information, often through emails or messages that appear to be from a trusted source.

To prevent data breaches, organisations must implement robust security measures, including employee training, to identify and mitigate these risks.

Common causes of data breaches
Insider Threats: Insider threats involve employees or partners misusing their access to an organisation’s systems to steal or manipulate data. These threats can be intentional or accidental and pose a significant risk to data security.

Third-Party Risk: Third-party access and supply chain compromises can also contribute to breach costs. Organisations must carefully vet their third-party vendors and partners to ensure they have adequate security measures in place.

Phishing Attacks: Phishing is a type of social engineering attack that involves tricking individuals into revealing sensitive information. Organisations can reduce the risk of phishing attacks by educating employees on how to recognise malicious emails and implementing robust security measures.

Recommendations
To prevent data breaches and protect sensitive information, organisations should consider implementing several key strategies. One crucial step is to strengthen identity and access management capabilities, which involves ensuring that only authorised individuals have access to sensitive data and systems.

This can be achieved through secrets management, which securely stores and manages sensitive information such as passwords and API keys, and passwordless authentication, which eliminates the need for passwords and reduces the risk of password-related breaches.

Another important consideration is AI governance, as the adoption of artificial intelligence continues to grow. Organisations need to prioritise AI security and governance to mitigate the risks associated with AI, including the potential for AI-related breaches and the misuse of AI technology.

Finally, data protection is essential in preventing breaches, and organisations should focus on discovering and securing sensitive data, as well as monitoring its use. By taking a proactive approach to data protection, organisations can reduce the risk of breaches and protect their sensitive information from unauthorised access or theft.

India-specific findings
In India, the cost of data breaches has reached alarming levels, with the average cost of a breach hitting a record high of INR 220 million, representing a 13% increase from 2024. This significant rise underscores the growing threat of cyberattacks in the country.

Phishing emerged as the leading cause of data breaches in India, responsible for 18% of all breaches. This type of cyberattack involves tricking individuals into divulging sensitive information, such as login credentials or financial data, often through deceptive emails or messages. Furthermore, the use of unauthorised AI, known as Shadow AI, has become a substantial concern, adding INR 17.9 million to the cost of breaches in India.

This highlights the urgent need for better AI governance and oversight to mitigate the risks associated with AI adoption. By addressing these challenges and implementing robust security measures, Indian organisations can reduce the risk of data breaches and protect their sensitive information from cyber threats.

The 2025 Cost of Data Breach Report by IBM highlights the critical need for organisations to prioritise cybersecurity and invest in effective measures to prevent data breaches. When organisations strengthen their security protocols, they can significantly reduce the risk of breaches and minimise the associated costs.

This involves implementing robust security controls, enhancing employee training, and staying up-to-date with the latest security technologies.

Taking a proactive approach to cybersecurity, organisations can protect their sensitive data, maintain customer trust, and avoid the financial and reputational damage that can result from a data breach. Ultimately, investing in cybersecurity is essential for organisations to safeguard their assets and ensure long-term success.

 

Funminiyi B. Philips is a cybersecurity enthusiast. He can be reached on LinkedIn via https://www.linkedin.com/in/funminiyi-b-philips