US data breach costs surpassed 10 million dollars for the first time, according to IBM's 2025 Cost of a Data Breach Report, even as the global average fell. Worldwide, the average breach cost dropped 9 percent to 4.44 million dollars from 4.88 million the prior year, and organizations identified and contained breaches in a mean of 241 days, the lowest in nine years.
The report identified a widening gap between AI adoption and AI security. Among organizations that experienced an AI-related security incident, 97 percent said they lacked proper AI access controls. A separate 63 percent reported having no AI governance policies in place to manage AI use or prevent employees from using unapproved tools.
Shadow AI carried a measurable price. Organizations with high levels of unapproved internet-based AI tool use added an extra 670,000 dollars to the global average breach cost. Shadow AI was a factor in 20 percent of breaches and was associated with the exposure of large volumes of personally identifiable information.
Direct attacks on AI systems also appeared in the data. Thirteen percent of surveyed organizations experienced an attack that affected their AI models or applications, and nearly all of those lacked adequate access controls. The figures describe an environment where rapid AI deployment has outpaced the governance and security measures needed to protect it, leaving many organizations exposed precisely where they are expanding fastest. The persistent US cost premium reflects both higher regulatory exposure and the concentration of high-value data in American firms.
Source: IBM -- https://www.ibm.com/reports/data-breach