The average organizational cost of a data breach in India has reached a record high of ₹220 million in 2025, according to IBM's latest Cost of a Data Breach Report. This represents a 13% increase from the ₹195 million recorded in 2024. The report highlights a concerning trend: the rapid adoption of Artificial Intelligence (AI) is outpacing the development and implementation of AI security and governance frameworks.

IBM's report, which analyzed nearly 6,500 data breaches globally, marks the first time it has specifically examined AI-related security risks, including access controls and governance policies. A significant gap exists between AI adoption and security measures within Indian organizations. The findings indicate that only 37% of Indian organizations have implemented AI access controls. Furthermore, nearly 60% either lack a formal AI governance strategy or are still in the process of developing one. This lack of adequate safeguards exposes organizations to higher risks in the coming years.

Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia, emphasized that the absence of access controls and AI governance tools is not merely a technical oversight but a strategic vulnerability. He urged CISOs to proactively embed trust, transparency, and governance into AI systems by design.

The IBM report also highlights the growing risk posed by "Shadow AI". Shadow AI refers to the use of AI tools and applications without the oversight of the organization's IT department. It has emerged as one of the top three cost drivers of breaches in India, adding an average of ₹17.9 million to breach costs. Despite this, only 42% of organizations have policies in place to manage AI usage or detect shadow AI activity.

Phishing remains the leading cause of data breaches in India, accounting for 18% of cases. Third-party vendor and supply chain compromises follow at 17%, and vulnerability exploitation accounts for 13% of breaches. The research sector faced the highest data breach costs in India, averaging ₹289 million, closely followed by the transportation industry at ₹288 million.

The average breach lifecycle in India, which is the time taken to identify, contain, and restore services, has decreased to 263 days in 2025. This is 15 days shorter than in 2024, suggesting improvements in detection and containment efforts.

IBM recommends embedding security into every stage of the software development lifecycle, increasing investment in employee training, and implementing zero-trust architectures to limit the potential impact of breaches. With India's increasing role in the global digital economy, these rising data breach costs highlight the urgent need for robust defenses.