The average cost of an organisation for a data breach has risen 13 per cent to Rs 22 crore in 2025 from Rs 19.5 crore in the year-ago period, according to a report released on Thursday.

Illustration: Uttam Ghosh

However, despite the surge in costs, the security in artificial intelligence is still lacking, the report by global tech major IBM said.

Phishing, or the act of sending fraudulent communication to extract personal information, is the top attack vector, with the usage in 18 per cent of incidents, followed by third-party vendor and supply chain promises at 17 per cent, while vulnerability exploitations accounted for 13 per cent.

The research sector in India faced the highest impact from data breaches, with average cost reaching Rs 28.9 crore, closely followed by the transportation industry at Rs 28.8 crore and the industrial sector at Rs 26.4 crore.

Amid the widespread use of AI, it said nearly 60 per cent of the breached organisations either don’t have an AI governance policy or are still developing a policy.

Organisations are bypassing security and governance for AI in favour of do-it-now AI adoption, the IBM report said.

“While AI is being rapidly embedded across business operations, security and governance are being left behind.

“The absence of access controls and AI governance tools is not just a technical oversight; it’s a strategic vulnerability,” Viswanath Ramaswamy, vice president, technology at IBM India and South Asia, said.

The company has come up with the ‘Cost of a Data Breach Report’ for the last two decades, and has investigated nearly 6,500 data breaches for the same.

The average breach lifecycle, which is the mean time to identify and contain a breach, including restore services, dropped by 15 days to 263 days in India in 2025, it said.