Data breaches are becoming more costly due to the presence of 'Shadow AI', according to a recently released report.
IBM's Latest Report Reveals Vulnerabilities in Businesses' AI Security
IBM has released a new report on data breaches, revealing that the most common origin point for attacks on businesses' AI platforms is a supply-chain intrusion. The report, based on 470 interviews with individuals at 600 organizations that suffered a data breach between March 2024 and February 2025, highlights the importance of basic security protections for AI tools and other business platforms.
According to the report, hackers often access AI tools through compromised apps, APIs, or plug-ins. On average, 16% of data breaches involved attackers using AI, most often for AI-generated phishing (37%) and deepfake impersonation attacks (35%).
One of the key findings of the report is the lack of proper AI access controls. Sixty-three percent of companies that experienced a breach did not have an AI governance policy, although some were developing such policies. Despite this, 62% of organizations with AI governance policies failed to implement strong access controls on their AI tools.
This security gap exists because many organizations prioritize rapid AI adoption without implementing foundational security and governance measures. As a result, ungoverned AI systems are more prone to breaches and incur higher remediation costs.
The report underscores that the cost of neglecting AI security extends beyond financial loss to include diminished trust, transparency, and control over AI-driven operations. In fact, the report states that unmonitored artificial intelligence tools make data breaches costlier. Only 34% of organizations with AI governance policies regularly check their networks for sanctioned tools.
However, the report also provides some positive news. Organizations with strong AI governance and extensive use of AI for security automation saved on average $1.9 million in breach costs and reduced breach lifecycles by 80 days. This demonstrates that proper AI access controls and governance can mitigate financial and operational impacts.
The report also sheds light on the issue of "shadow AI," with one in five organizations surveyed by IBM reporting experiencing a cyberattack due to security issues with this phenomenon. Cyberattacks on organizations with security issues with "shadow AI" cost an average of $670,000 more than breaches at firms with little or no shadow AI.
In conclusion, the IBM report underscores the importance of implementing proper AI access controls and governance measures to protect businesses from data breaches and the associated costs and disruptions. By prioritizing security from the outset, organizations can ensure the safe and effective adoption of AI technologies.
- Implementing strong access controls on AI tools is crucial, as the IBM report reveals that 62% of organizations with AI governance policies failed to do so, making AI-generated phishing (37%) and deepfake impersonation attacks (35%) more prevalent.
- The IBM report emphasizes that the cost of neglecting AI security extends beyond financial loss, involving diminished trust, transparency, and control over AI-driven operations. Moreover, it states that unmonitored artificial intelligence tools make data breaches costlier.
