IBM: 51% of data breaches resulted from malicious attacks. AI both an enabler and a remedy


Global research from IBM and Ponemon Institute revealed that AI adoption has greatly outpaced AI security and governance, with organizations favoring a do-it-now approach. Findings show that ungoverned AI systems are more likely to be breached and more costly when they are.

51% of all data breaches globally were the result of a malicious or criminal attack. The global cost of a data breach decreased by 9%, but in the United States it was up significantly.


AI-related highlights

16% of data breaches involved attackers using AI, most often for AI-generated phishing (37%) and deepfake impersonation attacks (35%). IBM had previously found gen AI reduced the time needed to craft a convincing phishing email from 16 hours down to only five minutes.

Attackers can use generative AI (gen AI) to both perfect and scale their phishing campaigns and other social engineering attacks.

Furthermore:

  • 97% of organizations that reported an AI-related security incident lacked proper AI access controls.
  • Malicious insider attacks resulted in breach costs of US$4.92 million. Third-party vendor and supply chain compromise followed closely at US$4.91 million.
  • 20% of respondents reported unauthorized or unmanaged AI tools (aka “shadow AI”) used by employees or departments without IT oversight, which added US$670k to the cost of a data breach.
  • 63% of organizations lacked AI governance policies to manage AI or prevent the proliferation of shadow AI.
  • The use of AI in security drove $1.9M in cost savings, compared with organizations that didn’t use these solutions.

IT best practices

IBM recommends a range of best practices to reduce the likelihood of data breaches, including:

  • Identity management: Implementing strong operational controls for non-human identities (NHIs) and adopting modern, phishing-resistant authentication methods, such as passkeys, can significantly reduce the risk of credential abuse.
  • Data security: Implement strong data security fundamentals: data discovery, classification, access control, encryption and key management. Leverage AI and data security to protect data integrity and avoid compromise.
  • AI oversight and governance: Investing in integrated security and governance solutions allows organizations to gain visibility into all AI deployments (including shadow AI), mitigate vulnerabilities, protect prompts and data and use observability tools to improve compliance and detect anomalies.
  • Security automation: As attackers use AI for more adaptive attacks, security teams must also embrace AI technologies. AI-powered security tools and services can reduce alert volume, identify at-risk data, spot security gaps, detect breaches early and enable faster, more precise responses.
  • Defending against cyber threats: Building resilience translates to quick detection and containment of security issues. Effective crisis response means regularly testing incident response (IR) plans and backups, defining clear roles in the event of a breach and conducting crisis simulations.

Methodology

The independent research was conducted by Ponemon Institute and sponsored, analyzed and published by IBM. The study evaluated 600 organizations impacted by data breaches between March 2024 and February 2025.

Researchers looked at organizations across 17 industries, in 16 countries and regions, and breaches that ranged from 2,960 to 113,620 compromised records. To gain on-the-ground insights, Ponemon researchers interviewed 3,470 security and C-suite business leaders with firsthand knowledge of the data breach incidents at their organizations. These leaders included CEOs, CISOs, heads of operations, controllers or heads of finance, IT practitioners, business unit leaders and general managers, and risk management and cybersecurity practitioners.

Further reading

Cost of a Data Breach Report 2025. Landing / Registration page, leading to download (PDF). Accessed August 5, 2025. IBM Corporation

Why it matters

By detecting a breach first—before third parties or attacker disclosure—security teams can move fast and limit potential damage. When security teams identified a breach, the average cost was US$4.18 million, down from US$4.55 million last year. By comparison, when the attacker disclosed the breach, and presumably had more time to do damage and steal or compromise data, the average cost was far greater (US$5.08 million).

This is the 20th year for this report and the first to chronicle and quantify the risks associated with AI.

 
