India’s average data breach cost rises to ₹22 crore, with AI security gaps posing key risks
New Delhi: The average cost incurred by organisations in India due to data breaches has surged to ₹220 million (₹22 crore) in 2025, marking a 13 percent increase compared to the previous year, according to a report published on Thursday.
The report from US-based consulting company IBM noted that Indian organisations have shortened the time taken to detect and contain data breaches. In 2025, the average time stood at 263 days—15 days less than in 2024—reflecting improvements in early identification mechanisms.
Despite progress in detection speed, the report highlighted considerable gaps in AI security readiness across Indian firms. Only 37 percent of organisations reported the use of AI access controls, while nearly 60 percent either lack AI governance policies or are in the process of formulating them.
Of the organisations that have AI governance policies in place, only 34 percent use AI governance technology.
In India, the leading causes of data breaches were phishing at 18 percent, followed by third-party vendor and supply chain compromise at 17 percent and vulnerability exploitation at 13 percent.
The report found that AI adoption is outpacing AI security and governance worldwide. It noted that the number of organisations experiencing an AI-related breach is small compared to the total researched population, but AI remains a high-value target.
Organisations are prioritising immediate AI adoption over security and governance measures. Ungoverned systems worldwide are more prone to breaches and incur higher costs when they do, the report said.
“India’s accelerating AI adoption brings immense opportunity, but it’s also exposing enterprises to new and complex cyber threats. The absence of access controls and AI governance tools is not just a technical oversight; it’s a strategic vulnerability. CISOs must act decisively—embedding trust, transparency, and governance into AI systems,” said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia.
Shadow AI, or the use of AI tools and applications without oversight from the organisation’s IT department, ranked as one of the top three cost drivers of a breach in India, increasing the average breach cost by ₹17.9 million. Only 42 percent of organisations have policies to detect shadow AI.
The research sector in India faced the highest impact from data breaches, with average cost reaching ₹289 million, closely followed by the transportation industry (₹288 million) and the industrial sector (₹264 million).
IANS
Subscribe to our Newsletter
Disclaimer: Kindly avoid objectionable, derogatory, unlawful and lewd comments, while responding to reports. Such comments are punishable under cyber laws. Please keep away from personal attacks. The opinions expressed here are the personal opinions of readers and not that of Mathrubhumi.