India Sees Costliest Data Breaches Amid Weak AI Rules

Post by : Jyoti Singh

Photo: Reuters

Indian Companies Struggle with AI Safety as Data Breach Costs Soar. A new report has revealed worrying news about the state of cybersecurity in India. According to IBM’s Cost of a Data Breach Report 2025, nearly 60% of Indian organisations still do not have proper rules or safety policies in place to manage the fast-growing use of artificial intelligence (AI) tools. Even those that do are mostly still working on finalising them.

This shows a big problem: AI is being used more and more but companies are not ready to protect themselves from new threats that come with it.

What the Report Found

The report shared by IBM shows that the average cost of a data breach in India in 2025 has reached ₹220 million — the highest ever recorded. This is a sharp 13% increase from last year’s cost of ₹195 million.

This rising cost shows that cyber attacks — like hacking, stealing data, or breaking into systems — are becoming more dangerous and more expensive for companies in India.

AI Use is Growing — But Safety is Not

The report says that many Indian businesses are starting to use AI tools for their daily work. These tools help them work faster, make decisions, and handle large amounts of data. But here’s the problem: while companies are quick to use new technology they are slow to set up safety controls to protect it.

Globally too, IBM warns that the use of AI is growing faster than the rules and safety systems needed to protect it. This makes it easier for cybercriminals to attack companies using poorly managed or unsecured systems.

Shadow AI: A Hidden Threat

One of the biggest risks mentioned in the report is shadow AI. This means people inside companies are using AI tools without permission or without telling anyone. These hidden tools are not checked or protected — and that makes them easy targets for hackers.

Only 42% of Indian organisations said they have any rules in place to find or stop shadow AI. Even fewer — just 37%— have strong controls on who can access AI tools in the first place.

Shadow AI is not just risky — it’s also expensive. The report shows that when shadow AI is involved, the extra cost of a data breach goes up by an average of ₹17.9 million.

Yet, most Indian companies are still not taking strong steps to stop this kind of behaviour or secure these systems.

Most Common Causes of Data Breaches

The report also looked at how most data breaches happen in India. The top causes were:

1. Phishing Attacks– 18%

(Tricking someone into giving away passwords or other private info)

2. Third-Party and Supply Chain Attacks– 17%

(Hackers getting in through another company that works with the business)

3. Exploiting Software Weaknesses – 13%

(Taking advantage of bugs or flaws in the software to break in)

These kinds of attacks are often simple but effective and many Indian firms are not fully prepared to stop them.

Industries Hit the Hardest

Some industries are facing higher risks and higher costs than others. According to the report, the top three sectors with the highest average cost per breach in 2025 were:

• Research – ₹289 million

• Transportation – ₹288 million

• Industrial and Manufacturing – ₹264 million

These sectors handle important and sensitive information, so when they are attacked, the damage is big — both financially and in terms of trust.

Security Tools That Can Help – But Are Not Used Enough

The report also highlighted a surprising fact. Many advanced tools can help stop attacks early or reduce the damage, especially tools powered by modern technology that can quickly detect and respond to unusual activity. But despite this, 73% of Indian companies said they use little or none of these tools.

Experts believe that if these tools were used properly, they could cut breach costs in half. But for now, most companies either don’t invest enough in them or don’t know how to use them effectively.

Why This Matters

This report is an eye-opener for Indian businesses. It shows that while technology is moving fast the rules, safety, and awareness needed to use it properly are falling behind.

When companies use powerful tools without proper safety, they open themselves to risks. And when these tools are used secretly or without training, the risk becomes even worse.

The rising cost of data breaches is not just a number — it reflects real damage to businesses, their customers, and their reputation. It also shows how cybersecurity needs to become a priority for Indian firms of all sizes.

What Can Be Done

To fix this problem, experts say Indian companies need to:

1. Create and enforce clear safety policies for using AI tools

2. Train employees to understand cyber risks and avoid mistakes

3. Monitor and control access to AI systems

4. Find and stop shadow AI inside their organisations

5. Invest in modern tools that help detect and respond to threats early

6. Work closely with trusted partners to fix software flaws and keep systems updated

If companies take these steps, they can not only reduce the cost of future attacks but also build more trust with customers, partners, and the public.

India’s digital growth story is strong, and its businesses are eager to adopt the latest tools. But as this report shows, growth without protection can be dangerous.

With data breaches becoming more common and expensive, the time to act is now. Indian organisations must treat cybersecurity as a serious and ongoing responsibility especially when using powerful technologies like AI.

Only then can they truly benefit from progress without putting themselves, their customers, or the nation at risk.

AI Governance Policy