Latest news with #CostofaDataBreach2025
Malaysiakini
31-07-2025
- Business
- Malaysiakini
AI fuels costly corporate data breach: IBM report
As US companies race to embed artificial intelligence (AI) into everyday work, they are discovering a hidden cost: bigger, more expensive data breaches, reported Xinhua. The "Cost of a Data Breach 2025" report, published by IBM on Wednesday, revealed that 13 percent of the 600 organisations studied suffered breaches involving their own AI models or applications.
New Straits Times
31-07-2025
- Business
- New Straits Times
AI fuels costly corporate data breach: IBM Report
SACRAMENTO: As US companies race to embed artificial intelligence (AI) into everyday work, they are discovering a hidden cost: bigger, more expensive data breaches, reported Xinhua. The "Cost of a Data Breach 2025" report, published by IBM on Wednesday, revealed that 13 per cent of the 600 organisations studied suffered breaches involving their own AI models or applications. Crucially, basic access controls were missing in 97 per cent of those cases. The report also found that attackers are turning the technology against its creators: one in six breaches involved criminals using AI tools, primarily to craft convincing phishing emails and deepfake impersonations. So-called "shadow AI," systems employees deploy without authorisation, proved even costlier. Twenty per cent of respondents blamed their breach on unsanctioned AI, which added approximately 670,000 U.S. dollars to the average loss. When "shadow AI" was present, overall breach costs rose to US$4.74 million, compared with US$4.07 million when it was absent. Recent incidents illustrate how seemingly minor AI security oversights can spiral. In 2023, a single misconfigured Azure sharing link in a Microsoft AI research repository exposed 38 terabytes of internal files and over 30,000 Teams messages. That same year, Samsung temporarily banned generative AI tools after engineers pasted confidential chip designs into ChatGPT, risking sensitive leaks. Even AI providers themselves are vulnerable. A March 2023 bug in OpenAI's ChatGPT service briefly exposed some users' payment addresses and partial card details. Despite such warnings, 87 per cent of companies still lack governance policies or processes to mitigate AI risks, even though supply chain compromises already trigger nearly one-third of AI-related breaches. To address these gaps, analysts emphasise that security starts with identity: organisations must enforce strict credential management for both staff and algorithms, rotate keys frequently, and encrypt all data used to train or prompt models. Quarterly "AI health checks" that bring business and security leaders together can identify unauthorised projects, while automated threat-detection platforms help understaffed teams distinguish genuine threats from false alarms. The report concludes: "Security AI and automation lower costs, while shadow AI raises them." Organisations with mature controls reduced breach costs by nearly 40 per cent. The report noted that with the average US breach now costing US$10.22 million and regulators from Brussels to Washington drafting new rules for data-hungry algorithms, boards had a clear financial motive to treat every model, notebook and chat interface as a critical asset protected by multifactor authentication, time-limited sharing links and continuous audits before the next wave of smart machines arrives.
