📊 Dissecting IBM's 2025 Cost of a Data Breach Report
US Breaches Cost $10.22M | Shadow AI-related Breaches Cost $670K | And More
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security product innovation and industry news.
IBM's annual Cost of a Data Breach report is one of the most extensive and most cited reports in our industry.
They released this year's edition yesterday and it paints a stark picture of the good, the bad, and the ugly of AI adoption in the enterprise and in security.
600+ organizations. 17 industries. 16 countries.
Get the full report here (ungated).
The Bad and The Ugly
🔴 Average cost of a breach for US-based companies is $10.22M (+9% YoY)
🔴 The added cost of a breach involving Shadow AI is $670K
🔴 20% said they suffered a breach due to security incidents involving shadow AI
🔴 97% of AI-related breaches occurred in systems lacking proper access controls
🔴 87% of organizations said they have no governance policies or processes to mitigate AI risk.
🔴 Researchers found 16% of breaches involved attackers using AI. Most of these breaches focused on human manipulation through phishing (37%) or deepfake attacks (35%)
The Good
🟢 Global breach costs dropped to $4.44M (-9%), the first decline in 5 years
🟢 Detection and containment time hit a 9-year low at 241 days (headed in the right direction, but still too long)
🟢 Organizations using AI/automation extensively saved $1.9M per breach and cut response time by 80 days 👀
🟢 The #1 factor reducing breach costs is DevSecOps (aka AppSec+CloudSec) practices. Saves ~$227K per incident. SIEM platforms and AI-driven insights round out the top three.
🟢 35% of organizations report full recovery from breaches, up from just 12% last year - a sign that incident response maturity is improving dramatically.
🤔 It was pretty interesting seeing ‘quantum security tools’ being listed as a factor that decreases breach costs. Is the industry finally taking quantum seriously?
Conclusion
This report pretty much highlights that breaches have become more expensive and that most enterprises are lagging behind on securing enterprise AI adoption.
Huge kudos to the team at IBM that put this together!