The average cost of a data breach in the United States reached a record $10.22 million, the highest of any region, according to IBM's Cost of a Data Breach report. The global average fell to $4.44 million, down 9 percent from the prior year on faster detection and containment, even as the U.S. figure set a new high.

Unsanctioned AI use emerged as a measurable risk factor. One in five studied organizations experienced breaches linked to shadow AI, meaning AI tools adopted by employees without security oversight. A high level of shadow AI added an extra $670,000 to the average breach cost, pushing affected incidents to $4.63 million. Shadow AI breaches disproportionately compromised customer personal data, exposing such records in 65 percent of cases against a 53 percent global average.

Governance gaps compounded the exposure. The report found that 97 percent of organizations that experienced an AI-related security incident lacked proper AI access controls, and 63 percent had no AI governance policy in place. Among breached organizations, 13 percent reported breaches of AI models or applications directly. The data quantifies how rapid AI adoption, when paired with weak oversight, raises both the likelihood and the cost of data exposure for organizations.

Source: IBM - https://newsroom.ibm.com/2025-07-30-ibm-report-13-of-organizations-reported-breaches-of-ai-models-or-applications,-97-of-which-reported-lacking-proper-ai-access-controls