The average organisational cost of a data breach in India has surged to an unprecedented Rs 220 million (Rs 22 crore) in 2025—marking a 13 per cent year-on-year increase, according to a report released by US-based consulting giant IBM. While the financial toll is mounting, the time to detect and contain a breach has slightly improved, falling to 263 days — 15 days faster than in 2024 — as more companies enhance their breach detection capabilities.

Also Read | Robots Ready, But Trees in the Way: Delhi's Robo Parking Delay Sparks Buzz

AI Governance: A Weak Link

Despite the AI boom in India, the report paints a worrying picture of security readiness. Only 37 per cent of organisations have implemented AI access controls, and nearly 60 percent either lack AI governance policies entirely or are still developing them. Even among those with governance policies in place, just 34% are using AI governance technologies. IBM’s Vice President for Technology in India & South Asia, Viswanath Ramaswamy, warned that India’s accelerating AI adoption, while promising, is exposing businesses to new and complex cyber threats.

“The absence of access controls and AI governance tools is not just a technical oversight; it’s a strategic vulnerability. CISOs must act decisively – embedding trust, transparency, and governance into AI systems,” he said.

Phishing Tops Breach Causes

Phishing remains the leading cause of data breaches in India, accounting for 18% of cases, followed closely by third-party vendor and supply chain compromises at 17% and vulnerability exploitation at 13%. The report noted that while AI-related breaches are still relatively rare globally, AI remains a high-value target for cybercriminals — and ungoverned AI systems are more prone to costly breaches.

Shadow AI Driving Up Costs

Shadow AI—the use of AI tools and applications without approval or oversight from an organisation’s IT department—has emerged as one of the top three cost drivers for breaches in India. Such incidents raise the average cost of a breach by Rs 17.9 million. Alarmingly, only 42% of organisations have policies to detect and control shadow AI use.

Also Read | India’s BharatGen AI to Speak All 22 Scheduled Indian Languages by 2026

Industries Under Siege

The research sector has been hit hardest, with the average cost of a data breach soaring to Rs 289 million. The transportation industry follows closely at Rs 288 million, while the industrial sector has faced average breach costs of Rs 264 million. The findings highlight a pressing reality: India’s rush towards AI innovation is outpacing its investment in AI governance and security—a gap that could become costlier in the years ahead.