The IBM Cost of a Data Breach Report 2025 delivers one of the most actionable snapshots of today’s cyber risk—especially as AI accelerates both innovation and exploitation. Based on insights from 600 organizations across 16 countries, it zeroes in on the trends that should reshape how security and compliance teams plan for the year ahead.

Global breach costs dipped—but the U.S. is moving in the opposite direction.
The global average breach cost fell to USD 4.44M, the first drop in years. Meanwhile, U.S. organizations are seeing record highs above USD 10M, driven by regulatory penalties and high-cost response requirements.

AI is redefining both the attack surface and the risk profile.

AI is part of everyday work, but much of that use is happening quietly. A recent Business Insider article references a KPMG study that concluded that more than half of workers admit they keep their AI use hidden from their managers. For small businesses with limited security resources, this creates a blind spot. Employees rely on AI because it helps them work faster, but without oversight, these tools can pull sensitive data into places it was never meant to go.

This behind-the-scenes use of AI, often called Shadow AI is becoming one of the most common sources of operational and compliance risk. Most staff aren’t acting with bad intentions; they’re just reaching for tools that make their work easier. The issue is that unapproved AI tools do not comply with your security standards, retain data in ways you do not understand, and may expose information you are obligated to protect.