Nearly 60% of Indian organisations either lack an artificial intelligence (AI) governance policy or are still in the process of developing one, per a new IBM report. 

The report titled ‘Cost of a Data Breach Report 2025’ highlights a worrying gap between rapid AI adoption and lagging security controls, raising fresh concerns about the strategic readiness of Indian enterprises to handle AI-related cyber threats.

IBM’s report also revealed that the average cost of a data breach in India has reached an all-time high of ₹220 million in 2025, marking a 13% increase over last year’s figure of ₹195 million. 

The surge reflects rising cyber risks across industries, particularly as organisations integrate AI tools without corresponding investments in governance and access control. 

Globally, IBM noted that while AI adoption is booming, it is increasingly outpacing security protocols, making ungoverned AI systems attractive targets for threat actors.

In India, only 37% of surveyed organizations have implemented AI access controls, and just 42% reported having policies to manage or detect “shadow AI” — the unauthorised use of AI tools and applications. 

Notably, shadow AI emerged as one of the top three cost drivers of breaches, adding an average of INR 17.9 million to the total impact. Despite this, most organisations have yet to adopt dedicated safeguards to monitor or contain these hidden vulnerabilities.

Phishing continues to be the most common cause of data breaches in India, accounting for 18% of incidents. This is followed closely by third-party and supply chain compromises (17%), and vulnerability exploitation (13%).

Among industries, the research sector bore the highest average breach cost at ₹289 million, followed by transportation (₹288 million) and industrial organizations (₹264 million). Despite evidence that AI-driven security tools can more than halve breach costs, 73% of Indian organizations surveyed reported limited or no use of AI-based security automation.