India Faces Unprecedented Data Breach Costs, Reveals IBM Report
Bengaluru, India—August 7, 2025—IBM’s latest Cost of a Data Breach Report highlights a concerning trend for organizations in India, with the average cost of data breaches soaring to INR 220 million this year, reflecting a 13% increase from 2024. This surge underscores the escalating financial impact of cyber incidents, particularly as businesses adopt artificial intelligence (AI) technologies at an accelerated pace. The report emphasizes a critical gap between the swift integration of AI in business operations and the corresponding development of security measures and governance.
Of particular note is the report’s assertion that only 37% of Indian organizations utilize AI access controls, while nearly 60% lack comprehensive AI governance policies or are in the process of developing them. As AI becomes increasingly ubiquitous, organizations are seemingly prioritizing rapid deployment over rigorous security frameworks. This trend raises significant concerns, particularly as unregulated AI systems are revealed to be more susceptible to breaches, compounding the financial toll when incidents do occur.
The risks associated with AI were further illuminated by the report. Shadow AI, which refers to the unauthorized use of AI tools without IT oversight, emerged as a notable financial liability, averaging an additional INR 17.9 million in breach costs. Alarmingly, only 42% of surveyed organizations have implemented policies to monitor and manage these unsanctioned AI applications. This oversight presents a strategic vulnerability that could be exploited by malicious actors.
Phishing attacks remain the predominant threat, accounting for 18% of breach incidents. Alongside this, third-party vendor compromises and vulnerability exploitation were also significant contributors, emphasizing that traditional entry points for cyber threats still pose a considerable risk. The average lifecycle of a breach in India has been recorded at 263 days, a decrease of 15 days from the previous year, signaling improvements in breach identification and response efforts among organizations.
The research sector bore the brunt of these breaches, with costs reaching INR 289 million, closely followed by the transportation industry and the industrial sector, which reported costs of INR 288 million and INR 264 million, respectively. Yet despite the evident benefits of investing in security AI, 73% of organizations surveyed reported minimal to no deployment of such innovations, indicating a disconnect in prioritizing these solutions.
The Cost of a Data Breach Report, which has examined nearly 6,500 breaches over two decades, reveals a transformative shift in the nature of cyber threats. In earlier years, risks were predominantly physical; today, the landscape is overwhelmingly digital and marked by a spectrum of malicious activities. This year’s report marks a significant milestone as it ventures into the risks surrounding AI technologies, exploring how they might be leveraged in future attacks.
In light of these findings, the MITRE ATT&CK framework provides insights into possible tactics that may have been employed during these breaches. Initial access could have been achieved through techniques like phishing, while persistence may have been established via compromised accounts or unregulated AI tools. Furthermore, privilege escalation could have occurred by exploiting vulnerabilities within systems, reinforcing the imperative for robust governance structures around emerging technologies.
As India’s enterprises adapt to an evolving digital landscape, there is an urgent need for chief information security officers (CISOs) to implement security measures and governance frameworks that keep pace with innovation. The adoption of AI presents tremendous opportunities but also introduces complex cybersecurity challenges that cannot be overlooked. Failure to act decisively may result in increasingly significant breaches that not only threaten organizational integrity but also the broader business ecosystem.
As organizations grapple with these escalating challenges, the emphasis must shift towards embedding security and governance within the core of AI systems. The price of neglect may prove steep, as highlighted by the IBM report, indicating that while the digital frontier offers expansion opportunities, it simultaneously demands unprecedented levels of vigilance and strategic foresight.
