An alarming new report from IBM has unveiled the staggering financial impact of shadow AI breaches, costing organizations an additional $670,000 on average compared to other data breaches. According to the 2025 Cost of a Data Breach Report, the global average cost of a data breach stands at $4.44 million, while in the U.S., it skyrockets to $10.22 million. The rise of unauthorized AI tool usage by employees, often referred to as shadow AI, is a key driver behind these escalating costs.
Shadow AI refers to the use of AI tools and applications without proper oversight or authorization within an organization. IBM's findings reveal that 13% of organizations have experienced breaches related to AI models or applications. Shockingly, 97% of these firms admitted to lacking adequate access controls to secure their AI systems, leaving them vulnerable to cyberattacks and data leaks.
The rapid adoption of AI technologies has outpaced the development of corresponding security measures, creating a dangerous gap that cybercriminals are eager to exploit. Many companies fail to implement robust governance policies, with only 37% of firms having detection mechanisms in place to identify unauthorized AI usage. This lack of preparedness is proving to be a costly oversight.
IBM warns that without proper controls, shadow AI can lead to severe operational disruptions and financial losses. Breaches involving unauthorized AI tools not only inflate costs but also damage reputations and erode customer trust. Organizations are urged to prioritize AI security by establishing comprehensive governance frameworks and investing in advanced detection technologies.
On a positive note, the report highlights that security teams leveraging AI and automation are seeing benefits, including reduced breach costs and shorter recovery times. This underscores the dual nature of AI as both a potential risk and a powerful tool for enhancing cybersecurity when used responsibly.
As AI continues to transform industries, the findings from IBM serve as a wake-up call for businesses worldwide. Addressing the risks of shadow AI through proactive security measures is no longer optional but a critical necessity to safeguard sensitive data and maintain competitive advantage in an increasingly digital landscape.