It seems the cost of a data breach is moving in two different directions at once. IBM's latest Cost of a Data Breach Report 2025shows the global average has fallen to $4.44 million. In the U.S., however, the story is completely different, with costs climbing to an all-time high of $10.22 million.
So, what's driving the gap? On one hand, stricter regulations and complex response efforts are driving up costs in the U.S. But on the other, the rest of the world is using AI and automation which is saving nearly $2 million per incident by catching breaches faster.
The Long Road to Recovery
While AI is helping some companies save money, the report makes it clear that the damage from a breach goes far beyond the initial financial hit. This is the part we don't talk about enough.
IBM found that for most companies, a breach means grinding to a halt for more than 100 days just to get back to normal. Even more concerning is that 65% of business leaders admit they still haven’t fully recovered from past cyber events.
The AI Factor
AI is widely utilized these days and has been a hero when it comes to cutting costs, but it's also emerging as a major headache. What was surprising was that when AI is cited as the problem, it's not because of some sophisticated attack. Approximately 97% of AI related breaches because of a failure to do the basics: proper access control.
This is where a point from IBM's Suja Viswesan really hits home: "The data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it."
We're rushing to adopt powerful new tools without securing the foundation first. A perfect example is the rise of "Shadow AI"—employees using unapproved AI tools for work. It seems harmless, but IBM found it adds about $670,000 to the cost of a breach.
A key takeaway is this: the cost of inaction is no longer just a line item on a spreadsheet. As Viswesan says, "It’s the loss of trust, transparency and control.” In the age of AI, getting the fundamentals right isn't just a best practice; it's the only path forward.