The average cost of a US data breach reached an all-time high of 10.22 million dollars, according to IBM benchmark data, roughly 2.3 times the global average. The global figure moved in the opposite direction, falling 9 percent to 4.44 million dollars, the first decline in five years, with the divergence driven largely by regulatory fines and escalation costs concentrated in the United States.
Unsanctioned AI tools emerged as a distinct cost driver. One in five organizations studied, 20 percent, experienced breaches linked to shadow AI, meaning AI tools employees adopted without security oversight. Those incidents added as much as 670,000 dollars to the average breach cost. In shadow AI breaches, exposure of customer personal information rose to nearly two-thirds of cases at 65 percent, and intellectual property carried the highest cost at 178 dollars per record.
Governance gaps were widespread. Among breached organizations, 63 percent lacked AI governance policies, and only 37 percent had approval processes or oversight mechanisms in place. Among those that reported AI-related breaches, 97 percent said they lacked proper access controls on their AI systems.
The data also showed a protective effect from security tooling. Organizations that used AI security tools extensively saved 1.9 million dollars per breach and detected incidents 80 days faster than those that did not. The contrast frames AI as both a source of new exposure through unmanaged tools and a mitigation when applied deliberately to detection and response.
Source: IBM - https://www.ibm.com/think/insights/data-matters/cost-of-a-data-breach
![[Data] US Data Breach Costs Hit $10.22 Million as Shadow AI Spreads](https://www.ibm.com/content/dam/worldwide-content/cdp/cf/ul/g/fd/ef/codb-1200x600px-bloomberg.png/_jcr_content/renditions/cq5dam.web.1280.1280.jpeg)