Lenders sprinting to adopt artificial intelligence solutions could be opening the door to increasingly damaging cybersecurity incidents.
Nearly all types of companies who suffered hacks involving their AI models or applications in the past year lacked proper access controls, according to IBM’s annual
“Organizations are skipping over security and governance for AI in favor of do-it-now AI adoption,” the report read. “Those ungoverned systems are more likely to be breached—and more costly when they are. We’re not surprised.”
The assessment comes as the average cost of a data breach for U.S.-based businesses hit a survey-record $10.22 million for breaches that occurred between March 2024 and February 2025. Those expenses include detection, notification, lost business and legal costs in which settlements alone have cost lenders
The artificial intelligence threat
Cyberattacks via
Another 20% of companies said they dealt with attacks involving shadow AI, when employees use the tech without proper authorization or oversight. Shadow AI typically led to more personally identifiable information being compromised, and drove up average breach costs by $670,000, according to IBM.
AI has also helped
The researchers urged companies to adopt
“AI agents increasingly rely on credentials to access systems and perform tasks,” the study read. “It’s essential to implement strong operational controls or services that help you do so, and maintain visibility into all non-human identity activity.”
What the average data breach looks like today
Organizations on the whole are getting faster at responding to incidents, with a mean response time including identification and containment of 241 days, a nine-year survey low. Faster responses equal lower costs. Different types of breaches however all end up costing on average close to $5 million.
Ransomware attacks are the most expensive, costing companies on average $5.08 million. More firms, or 63% of those surveyed, however are
And while all types of information, from intellectual property to customer and employee PII cost over $100 per record, attackers are prioritizing consumer data. The cost of compromised customer PII in a data breach is $179, as the information can be used by threat actors for
What a data breach costs
The soaring cost of data breaches in the U.S. shot up primarily because of
Today’s inflationary environment is also causing companies to tighten their wallets. Just 49% of affected organizations said they would invest in more security post-breach, down from 63% last year. Conversely, fewer firms in the past 12 months said they would pass breach costs onto customers, while 15% said they would hike prices.
What companies can do to prevent a data breach
Most of the organizations who reported data breaches to IBM said they’re still recovering from the incidents 12 months later. That recovery process includes meeting compliance obligations, implementing controls sometimes required by regulators, and restoring customer and employee confidence.
While numerous controls and security tools can reduce data breach costs, other common business practices can weigh heavily. Remote work adds on average $131,212 to the average cost of a breach, while migration to the cloud can add $174,538 to incident costs, IBM found.
“Today, many attackers are logging in rather than hacking in,” the report said. “To combat this issue, it’s critical to prevent attackers from obtaining those credentials in the first place.”
