India’s average data breach cost hits ₹220 million in 2025, AI security gaps emerge: IBM report

The average cost of a data breach in India has surged to ₹220 million in 2025, a 13 percent increase from last year, according to IBM’s latest Cost of a Data Breach Report. The study warns that while enterprises are rapidly adopting AI, security and governance measures are failing to keep pace, creating high-value targets for cybercriminals.

The report marks the first time IBM has examined AI-specific security, governance, and access controls. It found that only 37 percent of Indian organisations have AI access controls in place, and nearly 60 percent either lack AI governance policies or are still developing them.

“India’s accelerating AI adoption brings immense opportunity, but it’s also exposing enterprises to new and complex cyber threats. The report revealed a gap, while AI is being rapidly embedded across business operations, security and governance are being left behind. The absence of access controls and AI governance tools are not just a technical oversight, it’s a strategic vulnerability. CISOs must act decisively - embedding trust, transparency, and governance into AI systems by design,” said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia.

Key India findings from the report:

    •    AI Governance: Nearly 60 percent of breached organisations lacked a governance policy or were still creating one; only 34 percent of those with policies used AI governance technology.
    •    Shadow AI: Unauthorised AI usage was among the top three breach cost drivers, adding ₹17.9 million on average. Only 42 percent had measures to manage or detect it.
    •    Breach Costs: Average breach cost rose to ₹220 million from ₹195 million in 2024.
    •    Attack Vectors: Phishing (18 percent), third-party/vendor compromise (17 percent), and vulnerability exploitation (13 percent) were the most common causes.
    •    Breach Lifecycle: Average time to identify and contain breaches fell to 263 days, 15 days faster than last year.
    •    Sector Impact: Research was the most affected sector at ₹289 million per breach, followed by transportation at ₹288 million and industrial at ₹264 million.
    •    Security AI: Use of AI and automation cut breach costs by more than half, yet 73 percent reported limited or no adoption.

The report, based on analysis of nearly 6,500 breaches over two decades, notes that today’s threat environment is predominantly digital, with AI-driven attacks and unregulated AI usage adding to the complexity.