NewKerala.com

Key Points

India's average data breach costs jumped to Rs 220 million as AI adoption outpaces security measures. Unregulated "shadow AI" tools are adding millions to breach bills while most firms lack governance policies. Though phishing remains the top threat, companies using AI security tools cut costs by over 50%. The research sector faces the steepest penalties at Rs 289 million per breach despite faster detection times.

Key Points: India Data Breach Costs Hit Record Rs 220 Million in 2025 IBM Finds

  • AI governance gaps expose 60% of Indian firms to breaches
  • Shadow AI adds Rs 17.9M per breach due to unchecked usage
  • Phishing leads Indian breaches at 18% ahead of supply chain risks
  • Research sector bears highest costs at Rs 289M per incident
2 min read

India's data breach average cost rises to record Rs 220 million in 2025: IBM Report

IBM report reveals India's data breach costs surged 13% to Rs 220M with AI governance gaps and shadow AI driving risks

"Shadow AI emerged as one of the top three cost drivers of breaches in India - IBM Cost of Data Breach Report"

New Delhi, August 8

The average organizational cost of a data breach in India has climbed to an all-time high of Rs 220 million in 2025, marking a 13 per cent increase from Rs 195 million recorded in 2024, according to the latest Cost of a Data Breach Report released by IBM.

The report revealed that globally, the adoption of artificial intelligence (AI) is outpacing the development of AI security and governance frameworks.

While AI-related breaches remain a small portion of the cases studied, this is the first time the report has examined security, governance, and access controls for AI, highlighting that AI has already become a high-value target for attackers.

In India, nearly 60 per cent of organizations that experienced a breach either lack an AI governance policy or are still in the process of developing one. Among those with governance policies in place, only 34 per cent are actually using AI governance technology.

The report also flagged the growing risk from "Shadow AI", the use of AI tools and applications without oversight from the organization's IT department.

Shadow AI emerged as one of the top three cost drivers of breaches in India, adding an average of Rs 17.9 million to breach costs. Despite this, only 42 per cent of organizations have policies to manage AI usage or detect shadow AI activity.

The report mentioned that Phishing remained the leading cause of breaches in India, accounting for 18 per cent of cases, followed by third-party vendor and supply chain compromises at 17 per cent, and vulnerability exploitation at 13 per cent.

The average breach lifecycle in India, the time taken to identify, contain, and restore services, dropped to 263 days in 2025, which is 15 days shorter than in 2024, suggesting improved detection and containment efforts.

The research sector faced the highest data breach costs in India at an average of Rs 289 million, closely followed by the transportation industry at Rs 288 million. The industrial sector, which topped the list in 2024, recorded an average cost of Rs 264 million this year.

The report findings highlighted that the use of AI and security automation could cut breach costs by more than half. However, 73 per cent of Indian organizations surveyed reported limited or no use of such technology, despite the proven financial benefits.

- ANI

Share this article:

Reader Comments

P
Priya S
As someone working in IT, I see this daily - employees using random AI tools without checking with security teams. Shadow AI is a real problem! Companies need better training and strict policies. The ₹17.9 million extra cost is just the tip of the iceberg.
R
Rohit P
Good to see breach lifecycle reduced by 15 days, but 263 days is still too long! In this digital age, we need faster response times. Maybe the government should introduce stricter cybersecurity regulations with heavy penalties for non-compliance.
S
Sarah B
The research sector being most vulnerable is concerning - that's where our sensitive data and intellectual property lives! 😨 Indian companies must stop treating cybersecurity as an afterthought and make it a boardroom priority.
V
Vikram M
While the report highlights important issues, I feel it's too focused on AI risks. Traditional threats like phishing (18% of cases) remain bigger problems for most Indian businesses. Let's not get distracted by shiny new tech when basics aren't covered.
K
Kavya N
The transportation sector being second highest is scary - imagine if hackers target our metro systems or railways! Government should mandate cybersecurity audits for critical infrastructure. Jai Hind! 🇮🇳
M
Michael C
Interesting that 73% of

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Minimum 50 characters 0/50