How Shadow AI Costs Companies $670K Extra: IBM’s 2025 Breach Report

The numbers tell a stark story. While IBM’s latest Cost of a Data Breach Report reveals that global breach costs have dropped to $4.44 million—the first decline in five years—U.S. organizations face a record-breaking $10.22 million average. But buried within these headlines lies a more troubling reality: 83% of organizations operate without basic controls to prevent data exposure to AI tools, according to research from Kiteworks.

This paradox captures the current state of enterprise security. As AI helps reduce breach detection time by 80 days, it simultaneously creates massive new vulnerabilities that most organizations can’t see, let alone control. Shadow AI incidents now account for 20% of all breaches, while 27% of organizations report that over 30% of their AI-processed data contains private information—from customer records to trade secrets.

Perhaps most alarming: only 17% of companies have technical controls capable of preventing employees from uploading confidential data to public AI tools. The remaining 83% rely on training sessions, warning emails, or nothing at all. Organizations find themselves caught in a dangerous gap between rapid AI adoption and security implementation, creating unprecedented compliance and data security risks that existing frameworks weren’t designed to handle.

State of AI-Driven Data Security Threats

Shadow AI Epidemic

The distinction between sanctioned and unsanctioned AI has become one of the most critical security differentiators. IBM’s research reveals that shadow AI breaches cost organizations $670,000 more than average—$4.63 million versus $3.96 million for standard incidents. More concerning, these shadow AI incidents represent 20% of all breaches, compared to just 13% for sanctioned AI systems.

The data exposure patterns are particularly troubling. When shadow AI incidents occur, 65% involve compromise of customer personally identifiable information (PII), significantly higher than the global average of 53%. These breaches predominantly affect data stored across multiple environments (62%), highlighting how shadow AI creates vulnerabilities that span an organization’s entire infrastructure.

Kiteworks’ research adds crucial context to these findings. With 86% of organizations blind to AI data flows, the average enterprise unknowingly hosts 1,200 unofficial applications creating potential attack surfaces. More alarming still, 52% of employees actively use high-risk OAuth applications that can access and exfiltrate company data. This shadow IT sprawl means that even organizations claiming comprehensive AI governance likely have over a thousand backdoors they don’t know exist.

Governance Illusion

Perhaps nowhere is the disconnect between perception and reality more pronounced than in AI governance. While 33% of executives claim comprehensive AI usage tracking, independent research from Deloitte shows only 9% have working governance systems. Gartner’s analysis is even more sobering: merely 12% of organizations have dedicated AI governance structures in place.

This overconfidence gap—where companies overestimate their capabilities by over threefold—manifests in real security failures. IBM found that 63% of breached organizations lack AI governance policies entirely. Among those that experienced AI-related breaches, a staggering 97% lacked proper access controls. Even basic security hygiene is absent: only 32% of organizations perform regular AI model audits.

The implications ripple throughout the security ecosystem. Without governance, organizations can’t track which AI systems process sensitive data, can’t enforce consistent security policies, and can’t demonstrate compliance during audits. They’re essentially flying blind while convinced they have clear visibility.

Attack Vector Evolution

Traditional attack vectors haven’t disappeared—they’ve evolved. Phishing remains the top initial attack vector at 16% of breaches, carrying an average cost of $4.8 million. But the game has fundamentally changed. Generative AI has reduced the time needed to craft a convincing phishing email from 16 hours to just 5 minutes, enabling attackers to operate at unprecedented scale and sophistication.

IBM’s data reveals that 16% of breaches now involve AI-driven attacks, with AI-generated phishing comprising 37% of these incidents. Supply chain compromise, often involving file transfer systems and third-party integrations, accounts for 15% of breaches at an average cost of $4.91 million. These supply chain attacks take the longest to detect and contain—267 days on average—because they exploit trust relationships between organizations and their vendors.

The convergence of AI capabilities and traditional attack methods creates a multiplier effect. Attackers use AI to enhance reconnaissance, craft more believable social engineering campaigns, and identify vulnerabilities faster than defenders can patch them. Meanwhile, the same AI tools that organizations adopt for efficiency become new attack surfaces themselves.

Data Exposure: The New Normal

Classification Crisis

The types of data at risk paint a concerning picture of what organizations stand to lose. IBM’s analysis shows customer PII dominates breach incidents at 53%, costing $160 per compromised record. Employee PII follows at 37% of breaches ($168 per record), while intellectual property—though compromised in only 33% of incidents—carries the highest cost at $178 per record.

Kiteworks’ industry-specific analysis reveals how pervasive this exposure has become. The technology sector leads with 27% of companies reporting that over 30% of their AI-processed data is private or sensitive. Healthcare, finance, and manufacturing closely follow at 26% each. Even the legal sector, whose very existence depends on confidentiality, shows 23% of firms processing extreme levels of sensitive data through AI tools.

Most troubling is the universal nature of this problem. Approximately 17% of organizations across every industry vertical openly admit they have no idea how much sensitive data employees share with AI platforms. This isn’t limited to unprepared companies or specific sectors—it’s an epidemic affecting everyone from government agencies to life sciences firms.

Storage Location Vulnerabilities

Where data lives significantly impacts both breach costs and detection times. IBM’s research demonstrates clear cost differentials: breaches involving data stored across multiple environments average $5.05 million—the highest of any configuration. Private cloud breaches cost $4.68 million, public cloud incidents average $4.18 million, while on-premises breaches are comparatively lower at $4.01 million.

These cost differences correlate directly with detection complexity. Cross-environment breaches take 276 days to identify and contain—59 days longer than on-premises incidents. Private cloud breaches require 247 days, while public cloud incidents average 251 days. The pattern is clear: as data sprawls across multiple platforms, security teams lose visibility and control, leading to longer exposure periods and higher costs.

The challenge intensifies when AI enters the equation. Shadow AI incidents predominantly affect data stored across multiple environments and public clouds (62%), according to Kiteworks. This creates a perfect storm where the hardest-to-secure configurations face the highest risk from ungoverned AI tools.

Credential Time Bomb

Credential exposure represents a uniquely dangerous aspect of AI-related risks. Kiteworks found that employees routinely share usernames, passwords, and access tokens with AI assistants to “streamline workflows.” Each exposed credential becomes a potential backdoor into company systems, with a median remediation time of 94 days—over three months of open access for potential attackers.

The scope of this exposure is staggering. Organizations average 15,000 “ghost users”—stale but enabled accounts that retain full system access. Add 176,000 inactive external identities in the typical enterprise, and the attack surface becomes enormous. These dormant credentials, when shared with AI systems, create persistent vulnerabilities that can be exploited long after an employee leaves or a contractor’s engagement ends.

Platform-specific risks compound the danger. Varonis research shows 90% of organizations have sensitive files exposed through Microsoft 365 Copilot, with an average of 25,000+ sensitive folders accessible to anyone who asks the right prompt. In Salesforce environments, 100% of deployments have at least one account capable of exporting all data. These aren’t theoretical vulnerabilities—they’re active exposure points where a single misguided query can surface years of confidential information.

Compliance: The Regulatory Tsunami

The Enforcement Acceleration

The regulatory landscape has shifted dramatically. U.S. agencies issued 59 AI regulations in 2024—more than double the previous year. Globally, 75 countries increased AI legislation by 21%. Yet despite this regulatory surge, only 12% of companies list compliance violations among their top AI concerns, according to Kiteworks. This disconnect between regulatory acceleration and organizational awareness creates a compliance time bomb.

IBM’s fine statistics underscore the financial reality. Among breached organizations, 32% paid regulatory fines, with 48% of these exceeding $100,000. A quarter of organizations paid fines over $250,000, with U.S. companies facing the highest penalties—a key driver of America’s record-breaking breach costs.

The compliance challenge extends beyond mere fines. Organizations face reputational damage, operational restrictions, and potential criminal liability for executives. Each day of non-compliance compounds the risk, especially as regulators develop more sophisticated detection methods and information-sharing agreements.

Specific Compliance Violations

Current AI practices violate specific regulatory provisions daily. GDPR Article 30 requires maintaining records of all processing activities—impossible when organizations can’t track AI uploads. CCPA Section 1798.130 mandates the ability to track and delete personal information upon request, but companies don’t know which AI systems contain their data.

HIPAA‘s requirements under § 164.312 demand comprehensive audit trails for all electronic protected health information (ePHI) access. This becomes unachievable with shadow AI, where healthcare workers share patient data through personal devices and unsanctioned applications. Similarly, SOX compliance requires financial data controls that AI usage completely bypasses when employees paste quarterly results into ChatGPT for analysis.

The audit gap becomes critical when paired with identity management failures. With 60% of companies blind to their AI usage, they can’t respond to customer data requests, prove compliance during audits, or investigate breaches. Only 10% of companies have properly labeled their files—a fundamental requirement for GDPR Article 5 and HIPAA Privacy Rule compliance. Without proper data classification, organizations cannot demonstrate lawful processing, respond to deletion requests, or prove they’ve protected sensitive information according to its risk level.

Industry Paradoxes: No Safe Harbor

Healthcare’s Dangerous Delusion

Healthcare organizations face perhaps the starkest contradiction between requirements and reality. HIPAA requires tracking 100% of patient data access, yet only 35% of healthcare organizations can see their AI usage. Every untracked ChatGPT query containing patient information violates federal law, creating massive liability exposure.

The Varonis data adds another layer of concern: 90% of healthcare organizations have protected health information (PHI) exposed through AI copilots, with an average of 25,000+ unprotected folders containing sensitive patient data. Despite these vulnerabilities, only 39% of healthcare executives even recognize AI as a security threat—the lowest awareness level of any industry.

This complacency carries a steep price. Healthcare breaches cost an average of $7.42 million and take 279 days to resolve—over five weeks longer than the global average. The organizations trusted with life-and-death data operate with less security than retail stores, creating a paradox where the highest-stakes data receives the lowest protection.

Financial Services’ Knowledge-Action Gap

Banks and investment firms demonstrate the widest gap between awareness and action. They show the highest concern about data leaks at 29% but match the lowest implementation of technical controls at just 16%. Despite handling account numbers, transactions, and financial records, 39% admit sending substantial private data to AI tools.

This disconnect manifests in breach costs averaging $5.56 million for financial services—well above the global average. Financial institutions know the risks: they understand regulatory requirements, face strict compliance mandates, and operate in a highly scrutinized environment. Yet they consistently choose speed and convenience over security, believing they can manage the risk through policies and procedures rather than technical controls.

Technology Sector’s Credibility Crisis

The technology sector’s position reveals the deepest irony. While 100% of tech companies build AI products and services, only 17% protect against their own employees’ AI risks—an 83% hypocrisy gap. These same firms teaching others about AI safety operate without basic controls, undermining their credibility when breaches inevitably occur.

Technology companies report the highest rate of extreme data exposure, with 27% acknowledging that over 30% of their AI-processed data is private or sensitive. At an average breach cost of $4.79 million, these incidents damage not just finances but market position and customer trust. The sector selling AI security solutions can’t secure its own AI usage—a credibility crisis that threatens the entire industry’s reputation.

Supply Chain/File Transfer Connection

Third-Party Multiplier Effect

Supply chain vulnerabilities have emerged as a critical weakness in AI security. IBM reports that supply chain compromise accounts for 15% of breaches at an average cost of $4.91 million. These incidents take the longest to detect and contain—267 days—because they exploit trust relationships that security tools struggle to monitor.

The third-party risk has exploded: involvement in breaches doubled from 15% to 30% in just one year. Even more concerning, 44% of zero-day attacks now target managed file transfer systems—the very platforms organizations use for AI data exchange. Each third-party AI tool multiplies exposure exponentially, creating cascading vulnerabilities across partner networks.

API/Plugin Problem

Shadow AI’s supply chain manifests primarily through compromised apps, APIs, and plugins. Kiteworks found that 30% of AI security incidents occur via these third-party integrations, creating ripple effects throughout organizations. These incidents result in 60% data compromise rates and 31% operational disruption—far exceeding the impact of direct attacks.

SaaS-delivered AI represents the highest risk source, accounting for 29% of AI security incidents. Organizations can’t track data flowing through third-party AI services, can’t control how it’s processed or stored, and can’t retrieve it once shared. The convenience of plug-and-play AI solutions comes with invisible strings attached—each integration potentially exposing years of accumulated data to unknown risks.

Solutions and the Path Forward

Technology-First Imperative

IBM’s cost data provides clear direction: technical controls deliver measurable security improvements. Organizations using AI and automation extensively save $1.9 million per breach ($3.62 million versus $5.52 million for non-users). DevSecOps approaches reduce costs by $227,000, while SIEM implementation saves $212,000.

Yet Kiteworks’ reality check is sobering: only 17% of organizations have automated blocking and scanning capabilities. The remaining 83% rely on human-dependent controls that fail consistently across every industry. Training doesn’t stop uploads. Policies don’t prevent sharing. Warnings don’t block data exposure. Only technical controls provide real protection.

Four Critical Actions

Organizations must take four immediate steps to address the AI security crisis:

1. Face Reality First: Close the 300% overconfidence gap between perceived and actual capabilities. Audit real AI usage patterns, not theoretical frameworks. Track and control inputs as rigorously as outputs. Accept that employees are already sharing sensitive data and work backward from that reality.

2. Deploy Technical Controls: Human-dependent measures have failed across every industry studied. Automated blocking and scanning represent the minimum viable protection for AI-era threats. Organizations must implement controls that operate at machine speed, blocking unauthorized uploads before data exposure occurs. If you can’t stop the upload, you’ve already lost.

3. Establish Data Governance Command Centers: Disconnected security creates cascading failures. Organizations need unified governance platforms that track every data movement, enforce classification policies, and maintain audit trails across all AI touchpoints. This isn’t about adding another dashboard—it’s about creating forensic-quality records that satisfy regulatory requirements while enabling secure AI adoption.

4. Gain Total Visibility: Without knowing what data flows where, compliance becomes impossible and risk management becomes fiction. Real-time AI monitoring must span cloud, on-premises, and shadow IT environments. Data lineage tracking must extend from initial creation through AI processing to final outputs. Platform-specific controls for Microsoft 365, Salesforce, and other major systems aren’t optional—they’re survival requirements.

Conclusion: The Current State Demands Action

The data presents an unambiguous picture: organizations operate in a state of dangerous delusion regarding AI security. The collision of explosive AI adoption, surging security incidents, and accelerating regulation has created an unprecedented risk environment that traditional security approaches cannot address.

Model contamination is permanent—every piece of sensitive data shared with AI systems today becomes embedded in ways that can’t be undone. The 49% of organizations planning security investments post-breach (down from 63% last year) suggests a troubling complacency. Only 45% plan to invest in AI-driven security solutions, even as AI-driven attacks proliferate.

No industry has found safe harbor. Healthcare’s compliance requirements haven’t prevented widespread PHI exposure. Financial services’ awareness hasn’t driven better controls. Technology companies’ expertise hasn’t protected their own data. Government agencies’ responsibilities haven’t ensured citizen data protection. The universal failure across sectors proves that external pressure alone won’t drive necessary changes.

The findings reveal not a future crisis but a present reality. With 83% of organizations lacking basic technical controls, 27% hemorrhaging sensitive data to AI systems, and 97% of AI-breached organizations operating without proper access controls, the question isn’t whether incidents will occur but how severe they’ll be. Organizations must recognize that their current approach—built on trust, training, and hope—has already failed. Only immediate implementation of technical controls, comprehensive governance, and total visibility can address the AI security crisis revealed by these reports.

Additional Resources

• Blog Post Zero Trust Architecture: Never Trust, Always Verify
• Video How Kiteworks Helps Advance the NSA’s Zero Trust at the Data Layer Model
• Blog Post What It Means to Extend Zero Trust to the Content Layer
• Blog Post Building Trust in Generative AI with a Zero Trust Approach
• Video Kiteworks + Forcepoint: Demonstrating Compliance and Zero Trust at the Content Layer