The average cost of a data breach in India has climbed to ₹220 million in 2025, representing a 13% increase compared to last year, according to IBM’s newly released Cost of a Data Breach Report. The study highlights a growing gap between the rapid adoption of AI technologies by Indian enterprises and the lagging implementation of critical security and governance frameworks, leaving organizations increasingly vulnerable to sophisticated cyber threats.
Notably, this year’s edition of the report is the first to analyze AI-specific security risks, including access controls and governance policies. The findings are concerning: only 37% of Indian organisations have implemented AI access controls, while nearly 60% lack a formal AI governance strategy or are still working on developing one.
“India’s accelerating AI adoption brings immense opportunity, but it’s also exposing enterprises to new and complex cyber threats. The report revealed a gap, while AI is being rapidly embedded across business operations, security and governance are being left behind. The absence of access controls and AI governance tools are not just a technical oversight, it’s a strategic vulnerability. CISOs must act decisively – embedding trust, transparency, and governance into AI systems by design,” said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia.
The report, which draws on insights from nearly 6,500 data breach cases over the past two decades, indicates that today’s threat landscape is increasingly digital. It underscores the role of AI-powered attacks and unregulated AI deployment in amplifying the scale and complexity of cyber incidents.
The study comes at a critical juncture as India continues its aggressive digital transformation push, particularly with AI integration across sectors. While this opens doors to innovation and efficiency, inadequate cybersecurity practices around AI could result in substantial financial and reputational damage.
The message from IBM is clear: AI without proper governance is a strategic risk. Organizations must not only adopt AI for business gains but also build secure, transparent, and trustworthy systems to protect against evolving digital threats.
