New Delhi, ,August 2025.
IBM today released its Cost of a Data Breach Report, which revealed the average total organizational cost of data breach in India reached an all-time high of INR 220 million in 2025 (13% higher than last year). The report also found that globally, AI adoption is greatly outpacing AI security and governance. While the overall number of organizations globally experiencing an AI-related breach is a small representation of the researched population, this is the first time security, governance and access controls for AI have been studied in this report, which suggests AI is already an easy, high value target.
- Only 37% of organizations reported having AI access controls in place in India
- Nearly 60% of organizations either don’t have AI governance policies in place or are still developing them in India.
This year’s results show that organizations are bypassing security and governance for AI in favor of do-it-now AI adoption. Globally, ungoverned systems are more likely to be breached, and more costly when they are.
“India’s accelerating AI adoption brings immense opportunity, but it’s also exposing enterprises to new and complex cyber threats. The report revealed a gap, while AI is being rapidly embedded across business operations, security and governance are being left behind. The absence of access controls and AI governance tools are not just a technical oversight, it’s a strategic vulnerability. CISOs must act decisively – embedding trust, transparency, and governance into AI systems by design,” saidViswanath Ramaswamy, Vice President, Technology, IBM India & South Asia.
Key findings from the report for India are as follows:
Breaches and the AI era
- AI Governance Policies: Nearly 60% of breached organizations either don’t have an AI governance policy or are still developing a policy. Of the organizations that have AI governance policies in place, only 34% use AI governance technology.
- The Cost of Shadow AI (the use of AI tools and applications without oversight from the organization’s IT department): Shadow AI was among the top 3 cost driver of a breach in India, added INR 17.9 million to the cost of a breach on average. Despite this, we found that only 42% have policies to manage AI or detect shadow AI.
The Financial Cost of a Breach
- Data Breach Costs: In India, the average total organizational cost of data breach was INR 220 million in 2025, which is about 13% higher than 2024 (was INR 195 million).
- Phishing Remains the Top Attack Vector: In India, the top three initial cause/ attack vector for the data breaches were Phishing (18%), third party vendor and supply chain compromise (17%), and vulnerability exploitation (13%).
- India Breach Lifecycles Hit Record Low: The India average breach lifecycle (the mean time to identify and contain a breach, including restore services) dropped to 263 days, a 15-day reduction from 2024, as more studied organizations were able to speed identification.
- Research Breaches Become the Costliest: The research sector in India faced the highest impact from data breaches, with average cost reaching INR 289 million, closely followed by the transportation industry at INR 288 million and the industrial sector (which was the highest in 2024) at INR 264 million.
- Security AI Investments Still Lacking: Data showed that using AI and security automation less than halved the cost of a data breach. Yet despite the proven benefit, 73% of those surveyed reported limited or no use of AI and security automation.
