
Companies that have leveraged secure AI and automation have seen average breach costs 26% lower.

IBM (NYSE: IBM) today released its annual Cost of a Data Breach (CODB) report, revealing global and regional trends related to the rising costs of data breaches amid increasingly sophisticated and disruptive cyberthreats. The 2025 report explores the growing role of automation and artificial intelligence (AI) in mitigating breach costs and, for the first time, examines the state of AI security and governance.

The report indicated that the average cost of a data breach in Brazil reached R$1.5 billion (R$1.5 billion), while in 2024 the cost was R$1.5 billion (R$1.5 billion), an increase of R$1.5 billion (R$1.5 billion), marking additional pressure on cybersecurity teams facing highly complex challenges. Sectors such as Healthcare, Finance, and Services topped the list of those most impacted, registering average costs of R$1.5 billion (R$1.4 billion), R$1.5 billion (R$1.4 billion), R$1.5 billion (R$1.9 billion), and R$1.5 billion (R$1.5 billion), respectively.

In Brazil, organizations that extensively adopt secure AI and automation reported average costs of R$ 6.48 million, while those with limited implementation reported costs of R$ 6.76 million. For companies not yet using these technologies, the average cost rose to R$ 8.78 million, highlighting the advantages of AI in strengthening cybersecurity.

In addition to assessing the factors that increase costs, the 2025 Cost of a Data Breach Report analyzed elements that can reduce the financial impact of a data breach. Among the most effective initiatives are the implementation of threat intelligence (which reduced costs by an average of R$ 655,110) and the use of AI governance technology (R$ 629,850). Even with this significant cost reduction, the report found that only 29% of the organizations studied in Brazil use AI governance technology to mitigate risks associated with attacks on AI models. Overall, AI governance and security are being largely ignored, with 87% of the organizations studied in Brazil reporting no AI governance policies in place and 61% lacking AI access controls.

"Our study shows that there is already a worrying gap between the rapid adoption of AI and the lack of adequate governance and security, and malicious actors are exploiting this vacuum. The lack of access controls in AI models has exposed sensitive data and increased the vulnerability of organizations. Companies that underestimate these risks are not only putting critical information at risk but also compromising trust across the entire operation," explains Fernando Carbone, Security Services Partner at IBM Consulting in Latin America.

Factors contributing to rising data breach costs

Security system complexity contributed, on average, an increase of R$ 725,359 to the total cost of the breach.

The study also showed that unauthorized use of AI tools (shadow AI) generated an average increase in costs of R$591,400. And the adoption of AI tools (internal or public), despite their benefits, added an average cost of R$578,850 to data breaches.

The report also identified the most frequent initial causes of data breaches in Brazil. Phishing stood out as the main threat vector, accounting for 18% of the breaches, resulting in an average cost of R$ 7.18 million. Other significant causes include third-party and supply chain compromise (15%, with an average cost of R$ 8.98 million) and vulnerability exploitation (13%, with an average cost of R$ 7.61 million). Compromised credentials, internal (accidental) errors, and malicious insiders were also reported as causes of breaches, demonstrating the wide range of challenges organizations face in protecting data.

Other global findings from the 2025 Cost of a Data Breach report:

  • 13% of the organizations reported breaches involving AI models or applications, while 8% did not know if they had been compromised in this way. Of the compromised organizations, 97% reported not having AI access controls in place.
  • 63% of the breached organizations do not have an AI governance policy or are still developing one. Among those with policies, only 34% conduct regular audits to detect unauthorized AI use.
  • One in five organizations reported a breach due to shadow AI, and only 37% have policies in place to manage or detect this technology. Organizations that used high levels of shadow AI saw an average of $670,000 more in breach costs compared to those with low levels or no shadow AI. Security incidents involving shadow AI led to the compromise of more personally identifiable information (65%) and intellectual property (40%) compared to the global average (53% and 33%, respectively).
  • 16% of the breaches studied involved hackers using AI tools, often for phishing or deepfake attacks.

The financial cost of a breach 

  • Data breach costs. The global average cost of a data breach fell to US$1.44 million, the first drop in five years, while the average cost of a breach in the US reached a record US$1.02 million.
  • Global breach lifecycle reaches record time. The global average time to identify and contain a breach (including service restoration) fell to 241 days, a 17-day reduction from the previous year, as more organizations detected the breach internally. Organizations that detected the breach internally also saved US$1,400,000 in breach costs compared to those notified by an attacker.
  • Healthcare breaches remain the most costly. At an average of US$ 7.42 million, breaches in the healthcare sector remained the most costly of all sectors studied, even with a US$ 2.35 million reduction in costs compared to 2024. Breaches in this sector take the longest to identify and contain, with an average time of 279 days, more than 5 weeks above the global average of 241 days.
  • Ransom payment fatigue. Last year, organizations increasingly resisted ransom demands, with 63% choosing not to pay, compared to 59% the year before. As more organizations refuse to pay ransoms, the average cost of an extortion or ransomware incident remains high, especially when disseminated by an attacker (US$ 5.08 million).
  • Post-breach price increases. The consequences of a breach continue to extend beyond containment. While down from the previous year, nearly half of all organizations reported planning to increase the price of goods or services due to the breach, and nearly a third reported price increases of 15% or more.
  • Stagnation in security investments amid rising AI risks. There was a significant reduction in the number of organizations reporting plans to invest in security after a breach: 49% in 2025, compared to 63% in 2024. Less than half of those planning to invest in post-breach security will focus on AI-based security solutions or services.

20 Years of the Cost of a Data Breach

The report, conducted by the Ponemon Institute and sponsored by IBM, is the industry's leading reference for understanding the financial impact of data breaches. The report analyzed the experiences of 600 global organizations between March 2024 and February 2025.

Over the past 20 years, the Cost of a Data Breach Report has investigated nearly 6,500 breaches worldwide. In 2005, the inaugural report found that nearly half of all breaches (45%) originated from lost or stolen devices. Only 10% were due to hacked systems. Fast forward to 2025, and the threat landscape has changed dramatically. Today, the threat landscape is predominantly digital and increasingly targeted, with breaches now driven by a spectrum of malicious activities.

A decade ago, cloud misconfigurations went unmonitored. Now, they're among the top breach vectors. Ransomware exploded during the 2020 lockdowns, with the average cost of breaches rising from $1,400,000 in 2021 to $1,000,000 in 2025.

To access the full report, visit the official IBM website here.
