India’s average data breach cost hits ₹220 million in 2025, AI security gaps emerge: IBM report

A recent report from IBM has revealed that the average cost of a data breach in India has soared to ₹220 million in 2025, marking a significant 13 percent increase from the previous year. This alarming trend highlights the growing threat landscape as organizations embrace artificial intelligence (AI) without adequate security measures in place. The report delves into the specific security challenges posed by AI, noting that for the first time, IBM has included a focused examination of AI-related security and governance. Findings indicate that a mere 37 percent of Indian organizations have implemented AI access controls, while nearly 60 percent are either lacking governance policies or are still in the process of developing them. Viswanath Ramaswamy, Vice President of Technology at IBM India & South Asia, emphasized the dual nature of AI's rapid adoption, stating, "India’s accelerating AI adoption brings immense opportunity, but it’s also exposing enterprises to new and complex cyber threats. The gap between AI integration and security measures poses not just a technical flaw, but a strategic vulnerability. It is imperative for Chief Information Security Officers (CISOs) to instill trust, transparency, and governance into AI systems from the outset." Key insights from the report highlight significant challenges: - Nearly 60 percent of organizations that experienced breaches lacked a governance policy or were in the process of creating one, with only 34 percent utilizing AI governance technology. - Unauthorised AI use, termed 'shadow AI,' emerged as a top driver of breach costs, adding an average of ₹17.9 million per incident, yet only 42 percent of organizations had strategies to manage or detect this issue. - The average cost of breaches has risen from ₹195 million in 2024 to ₹220 million this year. - Phishing (18 percent), vendor compromises (17 percent), and vulnerability exploitation (13 percent) were cited as the most common attack vectors. - The average time taken to identify and contain breaches has decreased to 263 days, a reduction of 15 days from the previous year. - The research sector suffered the highest breach costs at ₹289 million, closely followed by transportation at ₹288 million and industrial sectors at ₹264 million. - Although the use of AI and automation has been shown to reduce breach costs by more than half, 73 percent of organizations reported either limited or no adoption of these technologies. With nearly 6,500 breaches analyzed over two decades, the report underscores that today's digital threat environment is increasingly complex, driven by AI-enabled attacks and the challenges of unregulated AI usage.