New Delhi: The average organisational cost of a data breach in India reached a new high of Rs 220 million (Rs 22 crore) in 2025 -- up 13 per cent (year-on-year), according to a report released on Thursday. The time to identify and contain a breach in India decreased to 263 days, a reduction of 15 days from 2024, as more organisations improved their speed to identify a breach, the report from US-based consulting company IBM said.
In India, only 37 per cent of organisations reported having implemented AI access controls. Nearly 60 per cent of organisations lack AI governance policies or are still developing them, the report said. Of the organisations that have AI governance policies in place, only 34 per cent use AI governance technology.
In India, the leading causes of data breaches were phishing at 18 per cent, followed by third-party vendor and supply chain compromise at 17 per cent, and vulnerability exploitation at 13 per cent. The report found that AI adoption is outpacing AI security and governance worldwide. It noted that the number of organisations experiencing an AI-related breach is small compared to the total researched population, but AI remains a high-value target. Organisations are prioritising immediate AI adoption over security and governance measures.
Ungoverned systems worldwide are more prone to breaches and incur higher costs when they do, the report said. “India’s accelerating AI adoption brings immense opportunity, but it’s also exposing enterprises to new and complex cyber threats. The absence of access controls and AI governance tools is not just a technical oversight; it’s a strategic vulnerability.
CISOs must act decisively – embedding trust, transparency, and governance into AI systems,” said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia. Shadow AI, or the use of AI tools and applications without oversight from the organisation's IT department, ranked as one of the top three cost drivers of a breach in India, increasing the average breach cost by Rs 17.9 million.
Only 42 per cent of organisations have policies to detect shadow AI. The research sector in India faced the highest impact from data breaches, with average cost reaching Rs 289 million, closely followed by the transportation industry (Rs 288 million) and the industrial sector (Rs 264 million).
Disclaimer: This story is from the syndicated feed. Nothing has changed except the headline.
