The AI Security Gap

- A new IBM report reveals that while AI adoption is accelerating, security measures are lagging significantly.
- The study found that 13% of organizations experienced a breach of their AI models or applications.
- An alarming 97% of those compromised organizations reported lacking proper access controls for their AI systems.
- This new data highlights a growing vulnerability that threat actors are beginning to exploit.
The 2025 IBM Cost of a Data Breach Report, conducted by Ponemon Institute, surveyed 600 organizations globally. The findings indicate a critical gap between the implementation of AI and its necessary security and governance. Notably, 60% of these AI-related incidents resulted in data compromise, while 31% caused operational disruption. These results suggest that the rush to adopt AI without adequate oversight is creating significant risks.
Key Financial and Operational Impacts
The report offers a stark look at the financial consequences of data breaches. The global average cost of a breach fell to $4.44 million, the first decline in five years. By contrast, the average cost in the U.S. reached a record high of $10.22 million. The study also found that organizations using AI and automation in their security operations saved an average of $1.9 million in breach costs and shortened the breach lifecycle by 80 days.
This year’s findings also highlight the issue of “shadow AI,” the use of unregulated and unauthorized AI applications. One in five organizations reported a breach due to shadow AI, leading to higher breach costs and a greater risk of compromised personally identifiable information and intellectual property. The report notes that breaches in the healthcare sector remain the most expensive, averaging $7.42 million, and they also take the longest to identify and contain.
Post-Breach Trends and Future Outlook
Despite the clear risks, there was a significant reduction in the number of organizations planning to invest in security following a breach. Only 49% of organizations planned to invest in new security measures, a notable decrease from 63% in 2024. Fewer than half of those organizations intended to focus on AI-driven security solutions. This trend suggests a potential complacency in the face of rising threats.
The report also details the long-term operational disruption caused by breaches. Nearly all surveyed organizations experienced some level of disruption, with most taking over 100 days to fully recover. The financial fallout often extends beyond immediate costs: nearly half of all organizations reported plans to raise prices on goods or services because of a breach, and a significant portion of those planned price increases was 15% or more.
A Look Back at Two Decades of Data Breaches
Over the past two decades, the IBM Cost of a Data Breach Report has chronicled the evolution of cybersecurity threats. In 2005, physical security was the primary concern, with nearly half of all breaches resulting from lost or stolen devices like laptops or thumb drives. Today, the landscape is almost entirely digital, with threats like cloud misconfiguration and ransomware becoming prominent. The report’s inclusion of AI-related breaches for the first time this year signals that AI is the next major frontier in cybersecurity, posing a new set of complex challenges for organizations worldwide.