IBM Report: 13% Of Organizations Reported Breaches Of AI Models Or Applications, 97% Of Which Reported Lacking Proper AI Access Controls
IBM (NYSE:IBM) released its 2025 Cost of a Data Breach Report, revealing critical insights about AI security and data breaches. The study found that 13% of organizations reported AI model breaches, with a staggering 97% lacking proper AI access controls. While the global average breach cost decreased to $4.44 million, U.S. breach costs hit a record $10.22 million.
Organizations using AI and automation in security operations saved an average of $1.9 million in breach costs and reduced breach lifecycle by 80 days. However, only 49% of breached organizations plan to invest in security, down from 63% in 2024. The healthcare sector remains most vulnerable, with average breach costs of $7.42 million and the longest breach lifecycle at 279 days.
IBM (NYSE:IBM) ha pubblicato il suo Rapporto 2025 sul Costo di una Violazione dei Dati, rivelando importanti informazioni sulla sicurezza dell'IA e le violazioni dei dati. Lo studio ha rilevato che il 13% delle organizzazioni ha segnalato violazioni di modelli di IA, con un sorprendente 97% privo di adeguati controlli di accesso all'IA. Mentre la media globale del costo delle violazioni è diminuita a 4,44 milioni di dollari, i costi negli Stati Uniti hanno raggiunto un record di 10,22 milioni di dollari.
Le organizzazioni che utilizzano IA e automazione nelle operazioni di sicurezza hanno risparmiato in media 1,9 milioni di dollari sui costi delle violazioni e hanno ridotto il ciclo di vita delle violazioni di 80 giorni. Tuttavia, solo il 49% delle organizzazioni colpite prevede di investire nella sicurezza, in calo rispetto al 63% del 2024. Il settore sanitario rimane il più vulnerabile, con costi medi delle violazioni di 7,42 milioni di dollari e il ciclo di vita più lungo di 279 giorni.
IBM (NYSE:IBM) publicó su Informe 2025 sobre el Costo de una Brecha de Datos, revelando información clave sobre la seguridad de la IA y las brechas de datos. El estudio encontró que el 13% de las organizaciones reportaron brechas en modelos de IA, con un asombroso 97% sin controles adecuados de acceso a la IA. Mientras que el costo promedio global de las brechas disminuyó a 4,44 millones de dólares, los costos en EE.UU. alcanzaron un récord de 10,22 millones de dólares.
Las organizaciones que usan IA y automatización en operaciones de seguridad ahorraron en promedio 1,9 millones de dólares en costos por brechas y redujeron el ciclo de vida de la brecha en 80 días. Sin embargo, solo el 49% de las organizaciones afectadas planea invertir en seguridad, una caída desde el 63% en 2024. El sector salud sigue siendo el más vulnerable, con costos promedio de brechas de 7,42 millones de dólares y el ciclo de vida más largo de 279 días.
IBM (NYSE:IBM)은 2025� 데이� 유출 비용 보고서를 발표하며 AI 보안� 데이� 유출� 관� 중요� 인사이트� 공개했습니다. 조사 결과 13%� 조직� AI 모델 유출� 보고했으�, 놀랍게� 97%가 적절� AI 접근 제어� 갖추지 못한 것으� 나타났습니다. � 세계 평균 유출 비용은 444� 달러� 감소했지�, 미국� 유출 비용은 기록적인 1,022� 달러� 달했습니�.
보안 운영� AI와 자동화를 사용하는 조직은 유출 비용� 평균 190� 달러 절감하고 유출 수명 주기� 80� 단축했습니다. 그러� 침해� 당한 조직 � 단지 49%만이 보안� 투자� 계획이며, 이는 2024년의 63%에서 감소� 수치입니�. 의료 부문은 여전� 가� 취약하며, 평균 유출 비용은 742� 달러, 유출 수명 주기� 279�� 가� 깁니�.
IBM (NYSE:IBM) a publié son Rapport 2025 sur le Coût d'une Violation de Données, révélant des informations cruciales sur la sécurité de l'IA et les violations de données. L'étude a révélé que 13 % des organisations ont signalé des violations de modèles d'IA, avec un impressionnant 97 % sans contrôles d'accès appropriés à l'IA. Alors que le coût moyen mondial des violations a diminué à 4,44 millions de dollars, les coûts aux États-Unis ont atteint un record de 10,22 millions de dollars.
Les organisations utilisant l'IA et l'automatisation dans les opérations de sécurité ont économisé en moyenne 1,9 million de dollars sur les coûts des violations et ont réduit le cycle de vie des violations de 80 jours. Cependant, seulement 49 % des organisations victimes prévoient d'investir dans la sécurité, contre 63 % en 2024. Le secteur de la santé reste le plus vulnérable, avec des coûts moyens de violation de 7,42 millions de dollars et le cycle de vie le plus long à 279 jours.
IBM (NYSE:IBM) hat seinen Bericht 2025 zu den Kosten einer Datenpanne veröffentlicht und dabei wichtige Erkenntnisse zur KI-Sicherheit und Datenpannen offenbart. Die Studie ergab, dass 13 % der Organisationen KI-Modellverletzungen meldeten, wobei erstaunliche 97 % keine angemessenen KI-Zugriffskontrollen hatten. Während die globalen durchschnittlichen Kosten einer Datenpanne auf 4,44 Millionen US-Dollar sanken, erreichten die Kosten in den USA einen Rekordwert von 10,22 Millionen US-Dollar.
Organisationen, die KI und Automatisierung in Sicherheitsoperationen einsetzen, sparten durchschnittlich 1,9 Millionen US-Dollar bei den Kosten von Datenpannen und verkürzten den Lebenszyklus einer Panne um 80 Tage. Dennoch planen nur 49 % der betroffenen Organisationen, in Sicherheit zu investieren, ein Rückgang von 63 % im Jahr 2024. Der Gesundheitssektor bleibt am anfälligsten, mit durchschnittlichen Kosten von 7,42 Millionen US-Dollar und dem längsten Lebenszyklus von 279 Tagen.
- None.
- 13% of organizations reported AI model breaches, with 97% lacking proper AI access controls
- U.S. breach costs increased to record $10.22 million
- 63% of breached organizations either lack or are still developing AI governance policies
- Only 49% plan to invest in security post-breach, down from 63% in 2024
- Healthcare sector breaches remain costliest at $7.42 million with 279-day lifecycle
- Nearly half of organizations planned to raise prices due to breach impacts
Insights
IBM's report reveals critical AI security gaps while showcasing their strategic positioning in the growing cybersecurity and AI defense markets.
The IBM Cost of a Data Breach Report exposes a significant security gap in AI implementation across organizations. The finding that
Most concerning is that
The report provides compelling evidence of the financial value of proper AI security investments. Organizations implementing extensive AI and automation in their security operations saved an average of
Meanwhile, the record-high U.S. breach cost of
For IBM, this report demonstrates their data-driven expertise in an increasingly critical field while highlighting market opportunities for their AI security offerings. The findings position IBM as both a research authority and a solution provider in the emerging AI security landscape.
13% of organizations reported breaches of AI models or applications, while8% of organizations reported not knowing if they had been compromised in this way.- Of those compromised,
97% report not having AI access controls in place. - As a result,
60% of the AI-related security incidents led to compromised data and31% led to operational disruption.
This year's results show that organizations are bypassing security and governance for AI in favor of do-it-now AI adoption. Ungoverned systems are more likely to be breached—and more costly when they are.
"The data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it," said Suja Viswesan, Vice President, Security and Runtime Products, IBM. "The report revealed a lack of basic access controls for AI systems, leaving highly sensitive data exposed, and models vulnerable to manipulation. As AI becomes more deeply embedded across business operations, AI security must be treated as foundational. The cost of inaction isn't just financial, it's the loss of trust, transparency and control."
However, the report did reveal that organizations using AI and automation extensively throughout their security operations saved an average
The 2025 report, conducted by Ponemon Institute, sponsored and analyzed by IBM, is based on data breaches experienced by 600 organizations globally from March 2024 through February 2025. Key findings from the report around AI security and breaches, the financial cost of a breach, and operational disruption are as follows:
Breaches and the AI era
- AI Governance Policies.
63% of breached organizations either don't have an AI governance policy or are still developing a policy. Of the organizations that have AI governance policies in place, only34% perform regular audits for unsanctioned AI. - The Cost of Shadow AI. One in five organizations reported a breach due to shadow AI, and only
37% have policies to manage AI or detect shadow AI. Organizations that used high levels of shadow AI observed an average of$670,000 65% ) and intellectual property (40% ) being compromised compared to the global average (53% and33% respectively). - Smarter Attacks with AI.
16% of breaches studied involved attackers using AI tools, most often for phishing or deepfake impersonation attacks.
The Financial Cost of a Breach
- Data Breach Costs. The global average cost of a data breach fell to
$4.44 million U.S. cost of a breach reached a record$10.22 million - Global Breach Lifecycles Hit Record Low. The global average breach lifecycle (the mean time to identify and contain a breach, including restore services) dropped to 241 days, a 17-day reduction from the year prior, as more studied organizations detected the breach internally. Those organizations who detected the breach internally also observed a
$900,000 - Healthcare Breaches Remain the Costliest. Averaging
$7.42 million $2.35 million - Ransom Payment Fatigue. Last year, organizations pushed back against ransom demands, with more opting not to pay (
63% ) compared to the year prior (59% ). As more organizations refuse to pay ransoms, the average cost of an extortion or ransomware incident remains high, particularly when disclosed by an attacker ($5.08 million - Security Investments Stall Amid Rising AI Risks. There was a significant reduction in the number of organizations that said they plan to invest in security following a breach,
49% in 2025 compared to63% in 2024. Less than half of those that plan to invest in security post-breach will focus on AI-driven security solutions or services.
The Long Tail of a Breach: Operational Disruption
According to the 2025 IBM report, nearly all organizations studied suffered operational disruption following a data breach. This level of disruption is taking a toll on recovery timelines. Among organizations that reported recovery, most took more than 100 days on average to do so.
However, the consequences of a breach continue to extend beyond containment. While down compared to the year prior, nearly half of all organizations reported that they planned to raise the price of goods or services because of the breach, and nearly one-third reported price increases of
About the Cost of a Data Breach Report
The Cost of a Data Breach Report has investigated nearly 6,500 data breaches over the past 20 years. Since the inaugural report in 2005, the nature of breaches has evolved dramatically. Back then, risk was largely physical. Today, the threat landscape is overwhelmingly digital and increasingly targeted, with breaches now driven by a spectrum of malicious activity.
With the pace of enterprise AI adoption proliferating, for the first time, the Cost of a Data Breach research studied the state of security and governance for AI, the type of data targeted in security incidents involving AI, breach costs associated with AI-driven attacks, and the prevalence and risk profile of shadow AI (unregulated, unauthorized use of AI). Historical findings from past reports include the following:
- 2005: nearly half (
45% ) of all data breaches were caused by lost or stolen computing devices, such as a laptop or thumb drive, and only10% of breaches were due to hacked electronic systems. - 2015: breaches due to cloud misconfiguration weren't even a categorized threat, today they are a leading target.
- 2020: ransomware began to surge, and by 2021 it accounted for an average of
$4.62 million $5.08 million - 2025: AI, which was included for the first time in the research this year, is quickly emerging as a high value target.
Additional sources:
- a copy of the 2025 Cost of a Data Breach Report to learn more.
- for the 2025 IBM Cost of a Data Breach webinar on Wednesday, August 13, 2025, at 11:00 a.m. ET.
- more about the report's top findings in this IBM blog.
About IBM
IBM is a leading provider of global hybrid cloud and AI, and consulting expertise. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs, and gain a competitive edge in their industries. Thousands of governments and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting deliver open and flexible options to our clients. All of this is backed by IBM's long-standing commitment to trust, transparency, responsibility, inclusivity, and service. Visit for more information.
Media contact:
IBM
Michele Brancati
[email protected]
View original content to download multimedia:
SOURCE IBM
FAQ
What is the average cost of a data breach in 2025 according to IBM's report?
How many organizations reported AI model breaches in IBM's 2025 security report?
What are the cost savings for organizations using AI in their security operations?
Which industry has the highest data breach costs according to IBM's 2025 report?
What percentage of organizations plan to invest in security after a breach in 2025?
How are organizations responding to ransomware demands according to IBM's report?
