Latest news with #SujaViswesan
Yahoo
5 days ago
- Business
- Yahoo
97% of AI breach victims lacked access controls, IBM finds
This story was originally published on To receive daily news and insights, subscribe to our free daily newsletter. About one in eight organizations has already experienced an AI-related data breach, according to an IBM-commissioned research report released on July 30. While the 13% of organizations that reported breaches of AI models or applications might seem like a relatively modest proportion, consider that among those compromised, 97% said they did not have AI access controls in place. As a result, according to IBM, 60% of the AI-related security incidents led to compromised data and 31% led to operational disruption. About a quarter (23%) suffered financial losses. The research, which studied data breaches experienced by 600 organizations globally from March 2024 through February 2025, was conducted by Ponemon Institute. 'The data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it,' said Suja Viswesan, vice president of security and runtime products for IBM. The average cost among all types of data breaches during the study period was $4.44 million, representing a 9% decrease from the prior 12-month period and a return to 2023 cost levels. Breach costs rose in the United States, though, to an average of $10.22 million from an average of $9.36 million. According to the report, driving the overall global cost decrease was faster identification and containment of breaches, 'much of it from organizations' own security and security service teams, with help from AI and automation.' However, a majority (63%) of organizations that suffered an AI breach said they either didn't have an AI governance policy or were still developing one. Even where there was a policy, less than half (45%) had an approval process for AI deployments, and 61% lacked AI governance technologies, according to the report. The threat posed by AI is not, of course, entirely related to lax internal governance and controls. The reported noted that one in six data breaches, or 16%, involved attackers using AI themselves, most often for AI-generated phishing (37%) and deepfake impersonation attacks (35%). Almost a third (29%) of organizations that experienced a security incident involving an AI model or application reported that the source was a software-as-a-service product provided by a third-party vendor. Additionally, 30% of such security incidents involved supply chains, including compromised apps, APIs and plug-ins. One in five surveyed organizations said they experienced a security incident involving unsanctioned, 'shadow' AI. The average global cost of a shadow AI breach, at $4.63 million, was about 4% higher than the overall average data breach cost. Recommended Reading How CFOs can protect data from cybersecurity attacks Sign in to access your portfolio
Forbes
6 days ago
- Business
- Forbes
The Wiretap: Lack Of AI Oversight Increases Data Breach Risks
The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here . As more companies adopt AI without oversight, the more they risk their own security. That's one of the implications of IBM's annual report on data breaches, which looks at the impact of AI for the first time this year. The tech giant found that 16% of breaches in the past year involved the use of AI tools. Additionally, 20% of organizations reported that they'd experienced a breach due to an employee using unsanctioned AI tools on company the organizations that saw AI-related breaches, 97% didn't have any access controls in place and 63% didn't have an AI governance policy. "The data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it," Suja Viswesan, IBM's vice president of security said in a statement. The stakes are high: In the United States, the average cost per data breach has reached a record $10.22 million–even as the average cost globally has declined to $4.44 million. Healthcare is the most expensive sector when it comes to a data breach: the average incident costs about $7.42 million, though that is a big decline from 2024's $9.77 million figure. Companies are also getting better at managing data breaches: the average lifecycle of a data breach incident–from discovery to recovery–dropped to 241 days, compared to last year's 258 and the 280 days IBM identified in 2020. This is in part because more companies are discovering breaches on their own rather than hearing it first from their attackers–in part, because more companies are using AI to monitor their networks and keep them secure. Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964 . Illustration by Samantha Lee for Forbes; Photos;F or college students looking for jobs or internships, the standard advice about social media has been this: Build up your professional profile on LinkedIn, but scrub other social media accounts (the ones displaying your political opinions or party antics) or just make them private. Yet recent developments could make that playbook obsolete as students face a potential Catch-22: What they've said on social media can hurt them when they are job hunting. But students erasing or cloaking their public online presence could also backfire in less predictable ways. Some prospective employers are adopting AI tools to screen social media to determine if applicants are real, because AI has led to an explosion of fake (or stolen) identities by scammers. Those tools screen for things like age of social accounts, posting and liking activity as well as LinkedIn connections, which makes scrubbing your profile a riskier proposition. Read the whole story at Forbes Stories You Have To Read Today Over 300 companies have been infiltrated by online scammers from North Korea pretending to be working remotely from elsewhere, according to a new report from Crowdstrike. AI search engine Perplexity is obscuring the identity of its crawlers to sidestep websites that block them, per a new Cloudflare report. The Senate confirmed Sean Cairncross, a Republican political operative with no professional cybersecurity experience, as the new head of the Office of the National Cyber Director, which advises the President on cyber defense issues. Hackers backed by the Russian government are attempting to break into systems at foreign embassies in Moscow, Microsoft has warned. Senators Marsha Blackburn (R-Tenn.) and Gary Peters (D-Mich.) have introduced legislation to develop a national cybersecurity strategy for protecting federal systems from quantum computers. Winner of the Week Cybersecurity researchers stand to win tens of thousands of dollars if they can find security issues in popular software at the Pwn2Own contest being held this October in Ireland. The biggest prize? Meta announced last week that it is offering $1 million to any team that can find a 0-day exploit in WhatsApp. Loser of the Week Security researchers found major security vulnerabilities in AI-coding tool Cursor which would allow hackers to remotely execute malicious code and bypass other protections. The vulnerabilities were patched in the latest release. More On Forbes Forbes Meet The Other Billionaire Behind Skydance's Paramount Deal By John Hyatt Forbes How Small Business Can Survive Google's AI Overview By Brandon Kochkodin Forbes Want To Hedge Against Inflation? Buy A Forest By William Baldwin
Yahoo
30-07-2025
- Business
- Yahoo
IBM Report: 13% Of Organizations Reported Breaches Of AI Models Or Applications, 97% Of Which Reported Lacking Proper AI Access Controls
U.S. breach costs rise to $10.22 million, despite the global average cost of a breach decreasing to $4.44 million; Only 49% of breached organizations plan to invest in security ARMONK, N.Y., July 30, 2025 /PRNewswire/ -- IBM (NYSE: IBM) today released its Cost of a Data Breach Report, which revealed AI adoption is greatly outpacing AI security and governance. While the overall number of organizations experiencing an AI-related breach is a small representation of the researched population, this is the first time security, governance and access controls for AI have been studied in this report, which suggests AI is already an easy, high value target. 13% of organizations reported breaches of AI models or applications, while 8% of organizations reported not knowing if they had been compromised in this way. Of those compromised, 97% report not having AI access controls in place. As a result, 60% of the AI-related security incidents led to compromised data and 31% led to operational disruption. This year's results show that organizations are bypassing security and governance for AI in favor of do-it-now AI adoption. Ungoverned systems are more likely to be breached—and more costly when they are. "The data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it," said Suja Viswesan, Vice President, Security and Runtime Products, IBM. "The report revealed a lack of basic access controls for AI systems, leaving highly sensitive data exposed, and models vulnerable to manipulation. As AI becomes more deeply embedded across business operations, AI security must be treated as foundational. The cost of inaction isn't just financial, it's the loss of trust, transparency and control." However, the report did reveal that organizations using AI and automation extensively throughout their security operations saved an average $1.9 million in breach costs and reduced the breach lifecycle by an average of 80 days. The 2025 report, conducted by Ponemon Institute, sponsored and analyzed by IBM, is based on data breaches experienced by 600 organizations globally from March 2024 through February 2025. Key findings from the report around AI security and breaches, the financial cost of a breach, and operational disruption are as follows: Breaches and the AI era AI Governance Policies. 63% of breached organizations either don't have an AI governance policy or are still developing a policy. Of the organizations that have AI governance policies in place, only 34% perform regular audits for unsanctioned AI. The Cost of Shadow AI. One in five organizations reported a breach due to shadow AI, and only 37% have policies to manage AI or detect shadow AI. Organizations that used high levels of shadow AI observed an average of $670,000 in higher breach costs than those with a low level or no shadow AI. Security incidents involving shadow AI led to more personally identifiable information (65%) and intellectual property (40%) being compromised compared to the global average (53% and 33% respectively). Smarter Attacks with AI. 16% of breaches studied involved attackers using AI tools, most often for phishing or deepfake impersonation attacks. The Financial Cost of a Breach Data Breach Costs. The global average cost of a data breach fell to $4.44 million, the first decline in five years, while the average U.S. cost of a breach reached a record $10.22 million. Global Breach Lifecycles Hit Record Low. The global average breach lifecycle (the mean time to identify and contain a breach, including restore services) dropped to 241 days, a 17-day reduction from the year prior, as more studied organizations detected the breach internally. Those organizations who detected the breach internally also observed a $900,000 savings on breach costs compared to those disclosed by an attacker. Healthcare Breaches Remain the Costliest. Averaging $7.42 million, healthcare breaches remained the most expensive across all studied industries, even as this sector saw a $2.35 million reduction in costs compared to 2024. Breaches across this sector take the longest to identify and contain at 279 days, that's more than 5 weeks longer than the global average of 241 days. Ransom Payment Fatigue. Last year, organizations pushed back against ransom demands, with more opting not to pay (63%) compared to the year prior (59%). As more organizations refuse to pay ransoms, the average cost of an extortion or ransomware incident remains high, particularly when disclosed by an attacker ($5.08 million). Security Investments Stall Amid Rising AI Risks. There was a significant reduction in the number of organizations that said they plan to invest in security following a breach, 49% in 2025 compared to 63% in 2024. Less than half of those that plan to invest in security post-breach will focus on AI-driven security solutions or services. The Long Tail of a Breach: Operational Disruption According to the 2025 IBM report, nearly all organizations studied suffered operational disruption following a data breach. This level of disruption is taking a toll on recovery timelines. Among organizations that reported recovery, most took more than 100 days on average to do so. However, the consequences of a breach continue to extend beyond containment. While down compared to the year prior, nearly half of all organizations reported that they planned to raise the price of goods or services because of the breach, and nearly one-third reported price increases of 15% or more. About the Cost of a Data Breach Report The Cost of a Data Breach Report has investigated nearly 6,500 data breaches over the past 20 years. Since the inaugural report in 2005, the nature of breaches has evolved dramatically. Back then, risk was largely physical. Today, the threat landscape is overwhelmingly digital and increasingly targeted, with breaches now driven by a spectrum of malicious activity. With the pace of enterprise AI adoption proliferating, for the first time, the Cost of a Data Breach research studied the state of security and governance for AI, the type of data targeted in security incidents involving AI, breach costs associated with AI-driven attacks, and the prevalence and risk profile of shadow AI (unregulated, unauthorized use of AI). Historical findings from past reports include the following: 2005: nearly half (45%) of all data breaches were caused by lost or stolen computing devices, such as a laptop or thumb drive, and only 10% of breaches were due to hacked electronic systems. 2015: breaches due to cloud misconfiguration weren't even a categorized threat, today they are a leading target. 2020: ransomware began to surge, and by 2021 it accounted for an average of $4.62 million in breach costs, and this year that number reached an average of $5.08 million (when the incident was disclosed by an attacker). 2025: AI, which was included for the first time in the research this year, is quickly emerging as a high value target. Additional sources: Download a copy of the 2025 Cost of a Data Breach Report to learn more. Sign up for the 2025 IBM Cost of a Data Breach webinar on Wednesday, August 13, 2025, at 11:00 a.m. ET. Read more about the report's top findings in this IBM blog. About IBMIBM is a leading provider of global hybrid cloud and AI, and consulting expertise. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs, and gain a competitive edge in their industries. Thousands of governments and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting deliver open and flexible options to our clients. All of this is backed by IBM's long-standing commitment to trust, transparency, responsibility, inclusivity, and service. Visit for more information. Media contact: IBMMichele Brancatimbrancati@ View original content to download multimedia: SOURCE IBM Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
19-06-2025
- Business
- Yahoo
IBM unveils unified AI security and governance software
IBM has launched new software capabilities that integrate AI security and governance, marking what it claims is the industry's first unified solution for managing agentic AI risks. The enhancements combine IBM's an end-to-end AI governance platform, with Guardium AI Security, a tool designed to protect AI models, data, and usage. The integrated solution enables enterprises to manage security and governance risks across AI use cases, supporting compliance with 12 frameworks, including the EU AI Act and ISO 42001. IBM Data and AI general manager Ritika Gunnar said: 'AI agents are set to revolutionise enterprise productivity, but the very benefits of AI agents can also present a challenge. 'When these autonomous systems aren't properly governed or secured, they can carry steep consequences.' Through a partnership with Guardium AI Security now detects AI use cases in cloud environments, code repositories, and embedded systems, offering visibility in decentralised AI ecosystems. Identified use cases can automatically initiate governance workflows via Recent Guardium AI Security updates include automated red teaming to uncover vulnerabilities and misconfigurations, plus custom security policies to address risks like code injection and data leakage. These features are available now, with full integration with planned for later this year. IBM Security and Runtime Products vice president Suja Viswesan said: 'The future of AI depends on how well we secure it today. Embedding security from the start is essential to protecting data, supporting compliance obligations, and building lasting trust.' now facilitates lifecycle management of AI agents, from development to deployment, with evaluation nodes monitoring metrics like answer relevance and context faithfulness to identify performance issues. Future capabilities, slated for release by 27 June, include agent onboarding risk assessments, audit trails, and an agentic tool catalogue. The Compliance Accelerators, available now as an add-on, provide pre-loaded regulations and standards, such as the EU AI Act, U.S. Federal Reserve's SR 11-7, New York City Local Law 144, ISO/IEC 42001, and NIST AI RMF, allowing users to align AI use cases with global compliance requirements. IBM Consulting Cybersecurity Services is introducing new offerings that combine platforms like Guardium AI Security with AI expertise to support organisations in secure AI transformation. These services cover vulnerability detection, secure-by-design practices, and regulatory guidance, building on IBM's work with clients like Nationwide Building Society and e&. For AWS users, is now accessible on AWS data centres in India, featuring enhanced model monitoring capabilities. IDC Security and Trust Group research director Jennifer Glenn said: 'Unifying AI governance with AI security gives organisations the necessary context to find and prioritise risks, as well as the information to clearly communicate the consequences of not addressing them." "IBM unveils unified AI security and governance software" was originally created and published by Verdict, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Cision Canada
18-06-2025
- Business
- Cision Canada
IBM Introduces Industry-First Software to Unify Agentic Governance and Security
New IBM integrations to help businesses keep their agentic AI – and other generative AI systems –secured and responsible at scale Enterprises can red team agents, audit agents, detect shadow agents, and more ARMONK, N.Y., June 18, 2025 /CNW/ -- Today, as enterprises scale AI agents across their organizations, IBM (NYSE: IBM) is announcing the industry's first software to bring AI security and AI governance teams together and provide a unified view of enterprises' risk posture. The new capabilities enhance and integrate and Guardium AI Security to help clients keep their AI systems, including agents, secured and responsible at scale. is IBM's end-to-end AI governance tool and Guardium AI Security is IBM's tool for securing AI models, data, and usage. "AI agents are set to revolutionize enterprise productivity, but the very benefits of AI agents can also present a challenge," said Ritika Gunnar, General Manager, Data and AI, IBM. "When these autonomous systems aren't properly governed or secured, they can carry steep consequences." Today's new offerings include: Integrating and Automating Agentic AI Security IBM is enhancing the integration of IBM Guardium AI Security and providing enterprises with the first unified solution to manage security and governance risks associated with AI use cases. The integration supports users' processes to validate compliance standards against 12 different frameworks, including the EU AI Act and ISO 42001. IBM is also introducing new capabilities to Guardium AI Security through a collaboration with including the ability to detect new AI use cases in cloud environments, code repositories, and embedded systems –providing broad visibility and protection in an increasingly decentralized AI ecosystem. Once identified, IBM Guardium AI Security can automatically trigger appropriate governance workflows from Recent updates to IBM Guardium AI Security also include automated red teaming to help enterprises detect and fix vulnerabilities and misconfigurations across AI use cases. And to help mitigate risks such as code injection, sensitive data exposure, and data leakage, the tool enables users to define custom security policies that analyze both input and output prompts. These features are available now in IBM Guardium AI Security, and their integration with will roll out throughout the remainder of the year. "The future of AI depends on how well we secure it today. Embedding security from the start is essential to protecting data, supporting compliance obligations, and building lasting trust," said Suja Viswesan, Vice President, Security and Runtime Products, IBM. "One of the biggest challenges for security teams is translating incidents and compliance violations into quantifiable business risk. The rapid adoption of AI and agentic AI amplifies this issue," said Jennifer Glenn, Research Director for the IDC Security and Trust Group. "Unifying AI governance with AI security gives organizations the necessary context to find and prioritize risks, as well as the information to clearly communicate the consequences of not addressing them." Enhanced Agentic AI Evaluation and Lifecycle Governance IBM can now monitor and manage AI agents across their entire lifecycle, from development to deployment. Evaluation nodes can be built directly into agents, allowing users to carefully monitor metrics like answer relevance, context relevance, and faithfulness – and help identify the root cause of poor performance. Planned future capabilities also include agent onboarding risk assessment, agent audit trails, and an agentic tool catalogue, which are expected to be available June 27. Off-the-Shelf Compliance Capabilities IBM Compliance Accelerators provide select pre-loaded regulations, standards, and frameworks from around the globe, enabling users to identify relevant obligations and map them onto their own AI use cases. Content covers key regulations like the EU AI Act, the U.S. Federal Reserve's SR 11-7, and New York City Local Law 144, along with global standards like ISO/IEC 42001 and frameworks like the NIST AI RMF. Compliance Accelerators is available now as an add-on. Expertise to Scale AI Responsibly To help clients scale AI responsibly, IBM Consulting Cybersecurity Services is introducing a new set of services that brings together data security platforms, like IBM Guardium AI Security, with deep AI technology and domain consulting. The new services will support organizations through their AI transformation journey: from discovering AI deployments and potential vulnerabilities, to implementing secure-by-design practices across AI layers, to governance guidance for a constantly evolving regulatory landscape. The new services build on IBM Consulting's experience helping hundreds of clients worldwide on AI strategy and governance, including Nationwide Building Society and e&. To provide AWS clients with increased value and convenience, is now also available on AWS data center in India with enhanced model monitoring capabilities. Today's new capabilities and integrations give businesses the comprehensive governance and security they need to thrive in the agentic AI era. The innovations also dovetail with IBM's broader suite of IBM watsonx AI solutions, built to help companies accelerate the impact of generative AI, responsibly and securely. About IBM IBM is a leading provider of global hybrid cloud and AI, and consulting expertise. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs, and gain a competitive edge in their industries. Thousands of governments and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting deliver open and flexible options to our clients. All of this is backed by IBM's long-standing commitment to trust, transparency, responsibility, inclusivity, and service. Visit for more information. Media contacts: Michele Brancati Communications, IBM Software [email protected] Kevin Zawacki Communications, IBM Software [email protected] SOURCE IBM
