IBM has released its 2025 Cost of a Data Breach Report, with specific information related to South Africa.
The report notes that the average cost has come down significantly since last year.
That said, the frequency of attacks is on the rise.
It is that time of the year again when IBM shares its latest report of the Cost of a Data Breach. As in recent years, the 2025 edition features information based on feedback from South African respondents, but unlike previous years, there is an oddity in the report.
This as the average cost of a data breach in South Africa is on the decline, at least over the past 12 months.
To that end, the average cost is estimated at R 44.1 million, which is down from R 53.1 million last year. This represents an almost 17 percent year-on-year decrease.
While the figure coming down is a positive, it is still extremely high at R44.1 million, and represents that not all businesses would be able to recover from, especially if there was no form of cyber insurance in place. Added to this, depsite the average cost coming down, the average number of breached records for the 2025 report has in fact increased to 23 445, compared to 22 600 in 2024.
As for why the cost has seemingly come down, the feedback IBM received highlighted three main factors – the adoption of data security/protection software, increased use of AI-ML driven insights, and the shift towards DevSecOps practices.
“Despite the increase in the average number of breached records, the decline in breach costs is a strong signal that AI-enabled cyber defense tools are working. As South African organizations expand their use of AI in security operations, they’re identifying and containing threats faster,” noted Ria Pinto, GM and Technology leader at IBM South Africa.
“But with attackers also leveraging AI, it is critical for local businesses to continue investing in AI security, upskilling their security teams, and implementing robust AI governance practices,” she added in a release shared with Hypertext.
Diving a little deeper into the feedback contained in the report, IBM also pointed out that detection and escalation remained the largest cost category at R17.5 million. This was followed by lost business cost at R13.1 million, post-breach response at R12.54 millon, and notification costs at R950 000.
“While total breach costs have declined, these figures underline the financial exposure South African organizations still face across the breach lifecycle,” IBM emphasised.
As for which industries were hardest hit by breaches, from a cost perspective, IBM shared that the financial sector experienced the highest total cost of a breach at R70.2 million, followed by hospitality at R57.5 million, and services at R56.76 million.
With much being made about the role that AI can play in terms of cybersecurity moving forward, especially given the complexity and intensity with which attackers operate these days, it will be interesting to see whether further investments on this front will see both cost and frequency of data breaches decrease in IBM’s report next year too.
To download and read the 2025 report for yourself, head here.
[Image – Photo by Getty Images on Unsplash]