Recent trends in cybersecurity
Initial attack vectors and root causes
According to the IBM Cost of a Data Breach Report 2025, phishing replaced stolen or compromised credentials as the most common means to gain access, followed closely by vendor and supply chain compromise. Although somewhat less frequent, malicious insider attacks are the costliest to resolve. Breaches of cross-environment data took the longest to resolve at 276 days; on-premises breaches were the quickest at 217 days. While malicious attacks committed by outsiders or criminal insiders account for 51% of breaches, human error (26%) and IT failure (23%) still account for nearly half of all breaches.16
The most common type of data stolen or compromised was customer PII, comprising 53% of breaches. Employee PII was involved in 37% of breaches. Intellectual property (IP), while less frequently targeted at 33%, was the costliest record compromised at $178 per record.17
Cause of breaches
51% — Malicious attacks
26% — Human error
23% — IT failure
Source: IBM Cost of a Data Breach Report 2025
Stolen or compromised data
53% — customer PII
37% — employee PII
33% — IP records
Breaches involving AI
Breaches involving AI include those involving sanctioned use of an AI model or application in an enterprise; unsanctioned use of AI in the organization, referred to as shadow AI; or the use of AI by attackers in AI-driven attacks. Among incidents involving sanctioned use, supply chain compromise was the most common cause at 30%. These sanctioned AI incidents most commonly involved software delivered as a service (SaaS). Shadow AI incidents were more common than sanctioned incidents, with customer PII being the most common data compromised in shadow AI incidents. AI-driven attacks comprised 16% of all breaches, primarily focused on ‘human manipulation through phishing (37%) or deepfake attacks (35%)’. While 13% of organizations reported a security incident involving sanctioned use of an AI model or application that resulted in a breach, 97% of those reporting lacked proper AI access controls. Overall, 63% of breached organizations either do not have an AI governance policy or are still developing one.18
Data breach cost components
The IBM Cost of a Data Breach Report 2025 captures data breach costs in four main categories. Lost business costs encompass a range of impacts from business disruption and downtime to acquiring new customers, lost goodwill, and reputation damage. Other data breach cost components include detection and escalation, post-breach response, and notification. Detection and escalation costs once again topped the list but showed a nearly 10% decline from 2024; each of the other categories also showed declines this year following increases in 2024.
The change in these cost components from 2024 to 2025 is summarized as follows:19
Detection and escalation — $1.63 million to $1.47 million
Lost business costs — $1.47 million to $1.38 million
Post-breach response — $1.35 million to $1.20 million
Notification costs — $0.43 million to $0.39 million
Data breach cost dynamics
The IBM Cost of a Data Breach Report 2025 provides an analysis of the key factors that increased or reduced the average breach cost. The accompanying chart captures the impact of both the most significant cost amplifiers and the most effective cost mitigators on the overall average data breach cost.
For 2025, security system complexity, which encompasses IoT and operational technology (OT) environments, and supply chain risks continue to be problematic. Shadow AI rounds out the top three amplifiers, followed closely by adoption of AI tools at number four. The top three mitigators are taking a DevSecOps approach, AI-driven and machine-learning (ML)-driven insights, and security analytics or SIEM.20
Reducing the cost of a data breach
The IBM Cost of a Data Breach Report 2025 provides recommendations to help reduce the cost of a data breach, summarized as follows:21
Fortify identities — human and machine. As AI agents begin to play a larger role in organizational operations, the same rigor must be applied to protecting agent identities as to protecting human identities. It is essential to bring all credentials under control and to enforce proper lifecycle management and governance. The use of AI and automation tools can improve identity security without increasing the burden on staff. Adopting modern phishing-resistant authentication methods such as passkeys will also make it harder for attackers to intercept or misuse login credentials.
Elevate AI data security practices. The speed of AI adoption is outpacing the implementation of security. Because data is the fuel for AI, it’s a prime target for attackers. The rise of AI as a threat vector means going beyond surface-level controls and implementing strong data security fundamentals: data discovery and classification, as well as data protections.
Connect security for AI and governance for AI. Security for AI and governance for AI are complementary disciplines. Organizations must ensure cross-functional collaboration and invest in tools that will help them automatically discover and govern shadow AI.
Use AI security tools and automation to move faster. Security teams need to use AI to keep pace with the onslaught of attackers using AI as ‘tools of their trade’. Security teams can use AI tools to reduce the volume of alerts, identify at-risk data, spot security gaps and threats earlier, and enable faster, more precise attack responses.
Improve resilience. Because breaches are inevitable, building resilience is essential. Developing a plan for resilience to enable early detection and damage minimization includes regularly testing IR plans, backup management, widespread training, and periodic crisis simulation exercises.
97% of organizations that experienced an AI-related attack lacked proper access controls on AI systems.
63% of breached organizations said they did not have an AI governance policy or are still developing one.