Artificial intelligence is no longer just revolutionizing workflows—it’s now reshaping the cybersecurity threat landscape. IBM’s latest Cost of a Data Breach report reveals a concerning trend: AI adoption is rapidly advancing, but governance and security protocols are struggling to keep pace.
Out of 600 organizations surveyed, 20% reported data breaches linked to “shadow AI”—unapproved or unmanaged AI tools operating without oversight. These breaches came at a steep cost, adding an average of $670,000 to total breach expenses for companies with high levels of shadow AI compared to those without.
But it’s not just rogue tools creating vulnerabilities. Even sanctioned AI systems are contributing to security issues. According to the report, 13% of organizations faced breaches involving their own AI models or applications, with most incidents stemming from third-party components such as compromised apps, APIs, or plug-ins. These attacks led to operational disruptions (31%) and broad data exposure (60%).
The report highlights a core issue: only 3% of affected organizations had proper AI access controls in place—pointing to a widespread lack of AI governance and oversight.
At the same time, cybercriminals are weaponizing AI. IBM observed that 1 in 6 breaches in the past year involved attackers using generative AI to enhance their tactics. Phishing attacks and deepfake impersonations—now easier and faster to create—accounted for 37% and 35% of these breaches, respectively. Notably, generative AI has slashed the time required to create a realistic phishing email from 16 hours to just five minutes.
Regionally, the financial impact varies. In the U.S., the average cost of a breach rose to $10.22 million, nearly $1 million higher than the previous year. The Middle East remained the second most costly at $7.29 million, though that figure dropped from $8.57 million in 2024. Other regions like Benelux, Canada, and Brazil saw either modest increases or declines.
Interestingly, more companies are now refusing to pay ransoms. IBM noted signs of “ransomware fatigue,” with 63% of victims choosing not to pay attackers—up from 41% in 2024.
The findings underscore the urgent need for stronger AI governance frameworks and proactive cybersecurity strategies as AI becomes both a powerful tool and a potent threat vector.
Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.
News Source: ITPro.com
