Shadow AI adds $670K to breach costs while 97% of enterprises skip basic access controls, IBM reports

AI security is becoming increasingly critical as organizations face the risk of breaches involving employees’ unauthorized use of AI tools. According to IBM’s 2025 Cost of a Data Breach Report, these breaches cost organizations an average of $4.63 million, highlighting the gap between AI adoption and security oversight.

The report, based on interviews with 3,470 organizations, reveals that 97% of breached organizations lacked proper AI access controls, with 8% unsure if they had been compromised through AI systems. Shadow AI incidents, where employees use unauthorized AI tools, resulted in compromised data and disruptions to daily operations. The lack of governance in AI security is a major weakness, with 63% of breached organizations lacking AI governance policies.

Supply chains are a favorite attack vector for AI security incidents, with compromised apps, APIs, and plug-ins being common. Weaponized AI, including AI-generated phishing and deepfake attacks, is proliferating, with attackers using AI to blend into normal network traffic to evade detection.

Governance is a weakness that adversaries exploit, with only 37% of organizations claiming to have AI governance policies performing regular audits for unsanctioned AI. DevSecOps emerged as a top factor in reducing breach costs, saving organizations an average of $227,192.

Despite the challenges, security teams that use AI and automation extensively are saving $1.9 million per breach and resolving incidents 80 days faster. AI-powered organizations spend $3.62 million on breaches, compared to $5.52 million for those without AI, resulting in a 52% cost differential.

The cybersecurity landscape in 2024 saw global breach costs decline to $4.44 million, while U.S. organizations faced record-high costs of $10.22 million per incident. Healthcare organizations bore the heaviest burden, with an average cost of $7.42 million per breach.

IBM’s report underscores the importance of governance in AI security and provides recommendations for organizations to implement AI governance, gain visibility into shadow AI, and accelerate security AI adoption. As attackers weaponize AI and employees create shadow tools for productivity, organizations must embrace AI’s benefits while rigorously managing its risks to ensure survival in the evolving threat landscape.
