Cost of Data Breach Report 2025

AI, Ransomware, and Shadow AI

For 20 years, IBM and the Ponemon Institute have tracked the financial and operational impacts of data breaches. The newly released Cost of a Data Breach Report 2025 uncovers the latest global trends, showing how artificial intelligence (AI), ransomware, and unauthorized “shadow AI” use are transforming the cyber risk landscape.

Global Highlights

• $4.44 million – The global average cost of a data breach, down 9% from 2024.
• $10.22 million in the U.S. – A record high, fueled by steep fines and detection costs.
• Healthcare remains most targeted – With average breach costs of $7.42 million, largely due to theft of patient data.
• 241 days – The new average time to identify and contain a breach, the fastest in nearly a decade.

AI: The New Battleground

AI is now both an ally and a threat.

• 16% of breaches involved attackers using AI, mostly for phishing (37%) and deepfakes (35%).
• 97% of AI-related breaches were linked to systems lacking proper access controls.
• Shadow AI (unauthorized AI tools) increased breach costs by $670,000 on average.
• Customer data at risk – 65% of shadow AI breaches involved customer PII.

Shadow AI has quietly displaced security skills shortages as one of the top three most expensive breach factors

Ransomware: Still Costly, Still Evolving

Ransomware remains one of the most damaging attack types:

• $5.08 million – The average cost of an extortion or ransomware incident.
• 63% of victims refused to pay – A growing trend compared to 59% in 2024.
• Law enforcement involvement declined – Only 40% engaged authorities, down from 52%.

The report warns of “ransomware fatigue”, with many organizations choosing not to pay but still bearing heavy disruption costs

What Raises or Lowers Breach Costs

Top cost amplifiers:

• Shadow AI use
• Supply chain compromise
• Security system complexity

Top cost reducers:

• DevSecOps adoption
• AI/ML-driven threat insights
• Strong SIEM (security information and event management) platforms

Organizations extensively using AI and automation cut average breach costs by $1.9 million and reduced response times by 80 days

Recommendations for 2025

The report outlines five key strategies for building resilience:

1. Fortify identities – Secure both human and AI agent credentials with strong lifecycle management.
2. Elevate AI data security – Apply encryption, key management, and access control.
3. Integrate governance – Align security, compliance, and revenue leaders to detect shadow AI.
4. Use AI for defense – Employ AI-driven threat hunting and automation to counter AI-driven attacks.
5. Plan for resilience – Regularly test incident response plans and crisis simulations

Want the Full Insights?

This article only scratches the surface. The Cost of a Data Breach Report 2025 dives deep into:

• Country-by-country breach cost comparisons
• The industries most under fire
• Exclusive analysis of shadow AI incidents
• How attackers are using generative AI against organizations
• Practical steps to cut millions off your breach response costs

Here is where we at EireaNet can help you! We can assist you in implementing strong cybersecurity measures, such as two-factor authentication and regular data backups.