
The True Cost of a Data Breach

  • srikarchamarthi
  • 1 day ago
  • 5 min read

Can We Afford Not To?


We often hear the phrase, “We really can’t afford to spend that much on security.” But maybe we should be asking ourselves whether we can afford not to. It’s not just about money; it’s about downtime, reputation, lost trust, and the reality that many breaches are preventable. Decisions about security investments should be based on actual numbers rather than on feelings. The good news is that we have the information we need in the form of IBM’s 2025 Cost of a Data Breach Report.


In this blog post, we’ll look at key findings and lessons learned from the report that you can apply to your own environment to make more informed decisions to protect it.


Two Decades of Research

This year marks the 20th year of IBM’s Cost of a Data Breach Report. Over those two decades, the study has looked at 6,500 different data breaches and involved 35,000 technology and business leaders. That’s a tremendous amount of data, allowing IBM to see not just what happened in one particular year but what has been happening across two decades.


In 2025 alone, the study covered breaches at 600 different organizations and drew on interviews with about 3,500 business and technology leaders. This isn’t a small sample; many people and a lot of effort went into the report, which adds confidence and credibility to the results. To keep the averages representative, extreme outliers at both the high and low ends were excluded, so the figures below reflect typical rather than exceptional breaches.


The Actual Number

So, what were the actual numbers? Globally, the report brings good news: the average cost of a data breach fell 9%, to $4.44 million. That’s still a significant number, but any reduction is progress.


Another important finding involves the mean time to identify and contain a breach: the number of days it takes to detect that an attacker is in your environment and then to remove them and contain the damage. This number stayed stubbornly high for years but has finally improved.


In 2021, the combined average was 287 days; in 2025, it’s down to 241 days. That’s a solid improvement, and since every day an attacker stays inside adds cost, the reduction in cost follows from the reduction in time.

However, not everything was good news. In the United States, the situation was reversed. Instead of decreasing, the average cost rose by 9%, reaching $10.22 million, more than double the global average. The report attributes the increase largely to higher regulatory fines and higher detection and escalation costs.


What’s Driving the Most Expensive Breaches

If we want to improve these numbers, it helps to know where the biggest costs come from. According to the report, the most expensive breaches were those caused by malicious insiders and by compromised third parties. Insiders already have legitimate access to systems and data, which makes it easier for them to do significant damage without tripping the controls aimed at outsiders. Third parties such as vendors and suppliers are often granted similar access for legitimate reasons, so when they are compromised they effectively become insiders and create the same risk.


In terms of frequency, the most common initial attack vector was phishing, accounting for 16% of all breaches. Attackers use phishing to trick users into handing over their credentials, then simply log in and steal data rather than breaking in.


The Role of Artificial Intelligence

For the first time, the 2025 report examined the role of artificial intelligence (AI) in data breaches. Attackers using AI were involved in 16% of all breaches, a large enough share to pay attention to. Of those AI-assisted breaches, 37% involved phishing, with AI used to craft more convincing messages.


In one experiment, IBM’s X-Force researchers compared a phishing email written by a human (which took 16 hours to create) with one generated by a chatbot (which took five minutes). Both emails were nearly equally effective at fooling recipients. This shows how much more efficient AI makes attackers, and it means that the classic tells users were trained to look for, such as spelling and grammar mistakes, are no longer reliable indicators of a phishing attempt.


AI was also linked to deepfake impersonation, which made up 35% of AI-assisted attacks. Deepfakes, convincing fake video or audio, can be used for social engineering, such as impersonating an executive to trick employees into transferring money. These are sophisticated threats that call for new forms of awareness and for process controls, such as out-of-band verification of payment requests, that do not depend on recognizing a voice or a face.


On the defensive side, however, the report found that organizations using security AI and automation extensively benefited significantly: they shortened the breach lifecycle by an average of 80 days and lowered breach costs by about $1.9 million. Unfortunately, 63% of organizations surveyed had no AI governance policy at all, leaving them without guidance on how to adopt and manage AI securely.


Recommendations for a Safer Future

So, what can organizations do to improve next year’s numbers? One of the biggest areas to focus on is identity and access management (IAM). Traditionally, IAM focuses on human users, but it now must also account for non-human identities, such as AI systems, bots, and agents that interact with networks. These systems need secrets management to protect the passwords, API keys, and cryptographic keys they use, so that a leaked key is as visible and as revocable as a compromised user account.

For end users, the best defense against password theft is to eliminate passwords altogether. Passkeys, a public-key cryptography-based alternative, resist phishing because the credential is bound to the genuine site’s origin: a look-alike site cannot obtain a login response that the real site will accept, and there is no password for a user to type into the wrong place.
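As an added illustration (not from the IBM report or the original post), the Go program below models the part of WebAuthn that makes passkeys phishing-resistant: the browser writes the origin the user is actually on into clientDataJSON, and the authenticator signs over that JSON together with a hash of the relying-party ID, so a look-alike site that relays a genuine login challenge cannot produce a response the real server accepts, and cannot edit the origin field without breaking the signature. The relying-party ID, the origins, the challenge strings and the simplified authenticatorData layout are assumptions for the demo; real WebAuthn uses CBOR, COSE keys and more fields, and a real browser would refuse the phishing site’s request before the server check even runs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// clientData is the subset of WebAuthn's clientDataJSON that matters here.
// The browser, not the web page, fills in Origin.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Authenticator models a passkey scoped to one relying-party ID (assumed "example.com").
type Authenticator struct {
	rpID string
	priv ed25519.PrivateKey
}

// Register creates the passkey; the server stores only the public key.
func Register(rpID string) (*Authenticator, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Authenticator{rpID: rpID, priv: priv}, pub, nil
}

// signedMessage is what gets signed: authenticatorData || SHA-256(clientDataJSON).
func signedMessage(authData, cdj []byte) []byte {
	h := sha256.Sum256(cdj)
	return append(append([]byte{}, authData...), h[:]...)
}

// Assert models a browser on `origin` answering a login challenge. A real browser
// refuses when rpID is not valid for origin; this toy lets the call through so the
// server-side origin check is what stops the phish.
func (a *Authenticator) Assert(challenge, origin string) (authData, cdj, sig []byte, err error) {
	cdj, err = json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	if err != nil {
		return nil, nil, nil, err
	}
	// Simplified authenticatorData: rpIdHash (32) || flags (UP=0x01) || counter (4, unused).
	rpHash := sha256.Sum256([]byte(a.rpID))
	authData = append(rpHash[:], 0x01, 0, 0, 0, 0)
	sig = ed25519.Sign(a.priv, signedMessage(authData, cdj))
	return authData, cdj, sig, nil
}

// VerifyAssertion is the relying party's check. Every field compared here is
// under the signature, so a relaying attacker cannot edit any of them.
func VerifyAssertion(pub ed25519.PublicKey, rpID, origin, challenge string, authData, cdj, sig []byte) error {
	var cd clientData
	if err := json.Unmarshal(cdj, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" {
		return errors.New("unexpected clientData type")
	}
	if cd.Challenge != challenge {
		return errors.New("challenge mismatch: stale or replayed response")
	}
	if cd.Origin != origin {
		return fmt.Errorf("origin mismatch: response signed for %q, expected %q", cd.Origin, origin)
	}
	rpHash := sha256.Sum256([]byte(rpID))
	if len(authData) < 37 || string(authData[:32]) != string(rpHash[:]) {
		return errors.New("rpIdHash mismatch: credential belongs to another relying party")
	}
	if !ed25519.Verify(pub, signedMessage(authData, cdj), sig) {
		return errors.New("invalid signature")
	}
	return nil
}

// RunScenario plays out a genuine login, a relayed phish, and a phish that rewrites
// the origin field, returning each verification result (nil means accepted).
func RunScenario() (legit, phished, tampered error) {
	const rpID, origin = "example.com", "https://example.com"
	const phishOrigin = "https://example.com.login-verify.test" // constructed look-alike
	auth, pub, err := Register(rpID)
	if err != nil {
		return err, err, err
	}
	// 1. Genuine login from the real origin.
	ad, cdj, sig, _ := auth.Assert("challenge-1", origin)
	legit = VerifyAssertion(pub, rpID, origin, "challenge-1", ad, cdj, sig)
	// 2. Adversary-in-the-middle site relays the server's fresh challenge; the
	//    browser stamps the origin the user is really on.
	ad, cdj, sig, _ = auth.Assert("challenge-2", phishOrigin)
	phished = VerifyAssertion(pub, rpID, origin, "challenge-2", ad, cdj, sig)
	// 3. Phisher rewrites clientDataJSON to claim the real origin before relaying.
	ad, _, sig, _ = auth.Assert("challenge-3", phishOrigin)
	forged, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: "challenge-3", Origin: origin})
	tampered = VerifyAssertion(pub, rpID, origin, "challenge-3", ad, forged, sig)
	return legit, phished, tampered
}

func main() {
	legit, phished, tampered := RunScenario()
	fmt.Println("genuine login:  ", legit)
	fmt.Println("relayed phish:  ", phished)
	fmt.Println("tampered origin:", tampered)
}
```

Run it with `go run .` and the genuine login prints `<nil>` while both phishing attempts print an error. The property worth noticing is that the server never has to detect the phishing site by name: the origin and challenge travel inside the signed message, so a relayed response fails on origin and a rewritten one fails on signature, which is exactly the guarantee a typed password cannot give.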

Since AI is growing rapidly, organizations also need to manage data security carefully. Data is at the heart of AI, and it must be protected from misuse. This starts with discovery: you can’t secure what you can’t see. Companies must identify and inventory both “shadow AI” (tools and models adopted without approval) and “shadow data” (copies of sensitive data that appear outside sanctioned stores). Once these are discovered, they can evaluate their security posture, enforce access controls, ensure encryption, and monitor how the data is used.


On the AI side, IBM recommends securing three key areas: the data, the model, and the usage. That means protecting the training data and the machine learning models themselves, and guarding the way the model is used, for example by preventing prompt injection attacks that could manipulate AI behavior.


Finally, organizations need to create an AI governance and security policy. Governance and security go hand in hand; talking about one inevitably leads to the other. A solid governance framework helps prevent “runaway AI” issues and ensures that security practices stay aligned with organizational goals.



Conclusion

The 2025 Cost of a Data Breach Report shows both progress and areas for improvement. While global breach costs and response times have improved, U.S. organizations are still facing rising expenses. Insider threats, third-party risks, and AI-driven attacks are reshaping the cybersecurity landscape.


At the same time, AI and automation are proving to be powerful defensive tools, reducing breach duration and cost when implemented correctly. But without proper governance, these same technologies can also create new vulnerabilities.


In the end, the question remains the same: Can we afford not to invest in security? Because every data breach costs more than just money; it costs trust, reputation, and the future stability of the organization. Keep up the great work! Happy Performance Engineering! #databreach #artificialintelligence #AIsecurity
