/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/media_files/2025/08/08/data-breach-2025-08-08-11-29-41.jpg)
According to IBM’s latest Cost of a Data Breach report, India reported the highest worldwide average cost of a data breach in 2025. The approximately INR 220 million average cost is a 13% increase over 2024. IBM released the report today has several warning signs not only about India’s rapidly rising breach costs, but India’s lack of preparedness to secure new emergent AI systems despite their organizational adoption.
The report also demonstrates a notable paradox with Indian enterprises: AI is rapidly being embedded into the operations of organizations but their security frameworks and governance are lagging dangerously behind. Only 37% of organizations in India have access controls for AI systems, and nearly 60% have absent or early-stage AI governance policies.
“India’s accelerating AI adoption brings immense opportunity, but it’s also exposing enterprises to new and complex cyber threats. The absence of access controls and AI governance tools are not just a technical oversight, it’s a strategic vulnerability,” said Viswanath Ramaswamy, Vice President – Technology, IBM India & South Asia.
Shadow AI: A Silent, Expensive Risk
The growth of Shadow AI—using unapproved AI programs without IT consultation—was one of the biggest concerns that we identified as part of our study this year. Shadow AI was one of the three top drivers of breach costs in India, which added an average for breaches of INR 17.9 million. With recent developments in ChatGPT and other AI tools, this issue poses more severe financial and reputational risks to organizations. This is concerning when considering only 42% of Indian firms reported having policies around managing or detecting unauthorized use of AI tools.
Key Drivers of Breach Costs in India
Top Attack Vector: Phishing remained the leading cause of breaches at 18%, closely followed by third-party vendor or supply chain compromise at 17% and vulnerability exploitation at 13%.
Sectorial Impact: Research Sector saw the highest breach costs at INR 289 million, marginally above transportation at INR 288 million, and higher than for industrial firms at INR 264 million.
Response Efficacy: On a positive note, the breach life cycle—the time it took organizations to identify a threat and contain it—decreased in time-span by 15 days to 263 days in 2025, showing improvement in organizations' ability to respond to incidents.
Underutilized Security AI: Organizations that scaled AI for security experienced breach costs decrease on average by more than half, however, 73% of respondents said they were not using AI for security or were only using it to a limited extent.
Global Context: AI Governance in Early Stages
This is the first time IBM’s long-running study has focused on the security implications of AI systems, revealing that globally, AI adoption is outpacing AI security and governance. While AI-related breaches still represent a small proportion of overall incidents, IBM warns that ungoverned AI is quickly becoming a high-value, low-defended target for cybercriminals.
The Way Forward: Embedding Trust into AI by Design
The report suggests that Indian enterprises—particularly CISOs and IT leaders—must shift from reactive to proactive strategies when it comes to AI. That means building AI governance, risk mitigation protocols, and access controls into the fabric of AI systems from the ground up.
“Do-it-now AI adoption must not come at the expense of long-term resilience,” the report cautions.