- BENGALURU: According to a latest report published, The cost of a data breach in India has climbed to an unprecedented ₹220 million in 2025, a 13% jump from last year, The findings of the study reveal that while artificial intelligence is being rapidly woven into business operations, security and governance are lagging far behind, leaving organizations exposed to emerging, complex cyber threats. Only 37% of companies enforce AI access controls, and nearly 60% lack formal governance policies or are still developing a policy. Of the organizations that have AI governance policies in place, only 34% use AI governance technology. This year’s results show that organizations are bypassing security and governance for AI in favor of do-it-now AI adoption, forgetting that ungoverned systems are more likely to be breached and more costly when they are.
The Cost of Shadow AI and Data Breaches
Shadow AI is the use of AI tools and applications without oversight from the organization’s IT department, was among the top 3 cost drivers of a breach in India, adding INR 17.9 million to the cost of a breach on average. Despite this, it was found that only 42% have policies to manage AI or detect shadow AI. In India, the average total organizational cost of a data breach was INR 220 million in 2025, which is about 13% higher than in 2024, when it was INR 195 million. Phishing remained the top attack vector in India, responsible for 18% of breaches, followed closely by third-party vendor or supply chain compromises (17%) and exploitation of software vulnerabilities (13%).
FCRF Launches India’s Premier Certified Data Protection Officer Program Aligned with DPDP Act
Research Sector Bears the Heaviest Losses
Among industries, the research sector recorded the highest breach costs at ₹289 million, narrowly surpassing transportation (₹288 million) and industrial firms (₹264 million). Despite a slight improvement in response times, breach lifecycles dropped to 263 days. The report has found that 73% of organizations still make limited or no use of AI-driven security automation, even though it can cut breach costs by more than half. The report underscores a dramatic shift as breaches once dominated by physical risks are now firmly rooted in the digital realm. Today’s threat landscape is highly targeted, fueled by a wide spectrum of malicious actors and sophisticated attack methods. The rise of AI, interconnected systems, and vast data networks has expanded both the opportunities for innovation and the avenues for exploitation, making modern breaches faster, stealthier, and costlier than ever.