New
Delhi, ,August 2025.
IBM
today released its Cost
of a Data Breach Report, which
revealed the average total organizational cost of data breach in India reached
an all-time high of INR 220 million in 2025 (13% higher than last year). The
report also found that globally, AI adoption is greatly outpacing AI security
and governance. While the overall number of organizations globally experiencing
an AI-related breach is a small representation of the researched population,
this is the first time security, governance and access controls for AI have
been studied in this report, which suggests AI is already an easy, high value
target.
- Only 37% of organizations
reported having AI access controls in place in India
- Nearly 60% of organizations
either don’t have AI governance policies in place or are still developing
them in India.
This
year’s results show that organizations are bypassing security and governance
for AI in favor of do-it-now AI adoption. Globally, ungoverned systems are more
likely to be breached, and more costly when they are.
“India’s
accelerating AI adoption brings immense opportunity, but it’s also exposing
enterprises to new and complex cyber threats. The report revealed a gap, while
AI is being rapidly embedded across business operations, security and
governance are being left behind. The absence of access controls and AI
governance tools are not just a technical oversight, it’s a strategic
vulnerability. CISOs must act decisively – embedding trust, transparency, and
governance into AI systems by design,” said Viswanath Ramaswamy,
Vice President, Technology, IBM India & South Asia.
Key
findings from the report for India are as follows:
Breaches
and the AI era
- AI Governance
Policies: Nearly 60% of
breached organizations either don’t have an AI governance policy or are
still developing a policy. Of the organizations that have AI governance
policies in place, only 34% use AI governance technology.
- The Cost of
Shadow AI (the use of AI
tools and applications without oversight from the organization's IT
department): Shadow AI was among the top 3 cost driver of a breach in
India, added INR 17.9 million to the cost of a breach on average. Despite
this, we found that only 42% have policies to manage AI or detect shadow
AI.
The
Financial Cost of a Breach
- Data Breach
Costs: In India, the average total
organizational cost of data breach was INR 220 million in 2025, which is
about 13% higher than 2024 (was INR 195 million).
- Phishing
Remains the Top Attack Vector: In
India, the top three initial cause/ attack vector for the data breaches
were Phishing (18%), third party vendor and supply chain compromise (17%),
and vulnerability exploitation (13%).
- India Breach
Lifecycles Hit Record Low: The
India average breach lifecycle (the mean time to identify and contain a
breach, including restore services) dropped to 263 days, a 15-day
reduction from 2024, as more studied organizations were able to speed
identification.
- Research
Breaches Become the Costliest: The
research sector in India faced the highest impact from data breaches, with
average cost reaching INR 289 million, closely followed by the
transportation industry at INR 288 million and the industrial sector
(which was the highest in 2024) at INR 264 million.
- Security AI
Investments Still Lacking: Data
showed that using AI and security automation less than halved the cost of
a data breach. Yet despite the proven benefit, 73% of those surveyed
reported limited or no use of AI and security automation.