{"id":23896,"date":"2025-07-31T16:47:11","date_gmt":"2025-07-31T16:47:11","guid":{"rendered":"https:\/\/insurance-canada.ca\/?p=83572"},"modified":"2025-07-31T16:47:11","modified_gmt":"2025-07-31T16:47:11","slug":"canadians-data-security-under-increased-threat-while-breach-costs-surge-ibm","status":"publish","type":"post","link":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/2025\/07\/31\/canadians-data-security-under-increased-threat-while-breach-costs-surge-ibm\/","title":{"rendered":"Canadians\u2019 Data Security Under Increased Threat, While Breach Costs Surge: IBM"},"content":{"rendered":"<h3><strong>AI Can Help Businesses Save Millions and Protect Consumer Data<\/strong><\/h3>\n<ul>\n<li>Canadian businesses are losing&nbsp;<strong>CA$6.98 million<\/strong>&nbsp;on average to data breaches, with impacts trickling down to consumers.<\/li>\n<li>Shadow AI is driving up risks, adding&nbsp;<strong>CA$308,000 per breach&nbsp;<\/strong>for Canadian businesses and increasing the likelihood of sensitive data exposure.<\/li>\n<li>Adopting security&nbsp;<strong>AI and automation extensively reduced breach costs<\/strong> to CA$5.19 million, compared to CA$8.53 million for those organizations not using these technologies<\/li>\n<\/ul>\n<p>Markham, ON (July 30, 2025) \u2013 Data breaches in Canada are becoming more costly and complex, with organizations paying an average of <strong>CA$6.98 million<\/strong>&nbsp;per breach in 2025, according to the latest&nbsp;<strong>IBM<\/strong>&nbsp;<strong>Cost of a Data Breach Report<\/strong>, which reveals AI adoption is greatly outpacing AI security and governance.&nbsp;This represents a <strong>10.4% increase<\/strong>&nbsp;from CA$6.32 million in 2024, reflecting the growing financial impact of security incidents. Among the report\u2019s findings is the rise of unsanctioned AI\u2013&nbsp; known as&nbsp;<strong>Shadow AI<\/strong> \u2013 which amplify risks, escalate costs, and expose sensitive consumer data. Often introduced by employees using unapproved AI systems, shadow AI creates vulnerabilities and compliance issues for businesses.&nbsp;While the overall number of organizations experiencing an AI-related breach is a small representation of the researched population, this is the first time security, governance and access controls for AI have been studied in this report, which suggests AI is already an easy, high-value target.<\/p>\n<ul type=\"disc\">\n<li>13% of organizations reported breaches of AI models or applications, while 8% of organizations reported not knowing if they had been compromised in this way.<\/li>\n<li>Of those compromised, 97% report not having AI access controls in place.<\/li>\n<li>As a result, 60% of the AI-related security incidents led to compromised data and 31% led to operational disruption.<\/li>\n<\/ul>\n<p>The report emphasizes the critical role of security&nbsp;<strong>AI and automation<\/strong>&nbsp;in reducing breach costs and improving detection efficiency. Organizations extensively using security AI and autonomation report average breach costs of&nbsp;<strong>CA$5.19 million<\/strong>, compared to&nbsp;<strong>CA$8.53 million<\/strong>&nbsp;for those not using these tools. Additionally, these technologies helped organizations achieve faster detection and containment, shortening breach lifecycles by&nbsp;<strong>59 days for those using them extensively<\/strong>.<\/p>\n<p>\u201cCybersecurity isn\u2019t just about protecting data \u2014 it is about protecting your business\u2019s bottom line and reputation,\u201d said Daina Proctor, Security Delivery Leader, IBM Canada. \u201cThis report shows that organizations using AI and automation are saving millions and detecting breaches much faster, but gaps in AI security and governance, like the use of shadow AI, are leaving businesses exposed to unnecessary risks. By investing in AI tools and building clear AI policies, companies can take control of their security and stay ahead of emerging threats.\u201d<\/p>\n<p><strong>Key Findings in Canada for 2025<\/strong><\/p>\n<ul>\n<li><strong>Overexposed AI<\/strong>: One in three Canadian businesses reported not having access controls on AI systems, positioning them as easy, high-value targets.<\/li>\n<li><strong>Shadow AI Risks:<\/strong>&nbsp;The use of shadow AI was also found to be a top breach cost driver for Canadian businesses, with breaches involving shadow AI increasing costs by&nbsp;<strong>$308,000<\/strong>.<\/li>\n<li><strong>Phishing Scams:<\/strong>&nbsp;The most common initial attack vector, phishing scams cost Canadian organizations an average of&nbsp;<strong>CA$7.91 million per breach<\/strong>, a&nbsp;<strong>24% increase<\/strong>&nbsp;from CA$6.38 million in 2024.<\/li>\n<li><strong>Industry Impacts:<\/strong>\n<ul>\n<li>The financial sector leads breach costs at&nbsp;<strong>CA$9.97 million in 2025<\/strong>, a&nbsp;<strong>7.4% increase<\/strong>&nbsp;from CA$9.28 million in 2024, reflecting the high sensitivity and value of financial data.<\/li>\n<li>Pharmaceutical breaches cost&nbsp;<strong>CA$7.99 million<\/strong>, incidents across this sector have the potential to expose intellectual property and delay treatments by impacting supply.<\/li>\n<li>Breaches in the industrial sectors cost an average of&nbsp;<strong>CA$8.39 million<\/strong>, as these organizations have a low tolerance for downtime, making them easy targets for attackers.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>How AI is Transforming Cybersecurity Operations<\/strong><\/p>\n<p>The report highlights that organizations extensively&nbsp;<strong>adopting AI and automation<\/strong>&nbsp;across their security operations centre (SOC) see significant financial benefits. AI tools automate manual cybersecurity tasks, including across threat detection and response, allowing security teams to focus on higher-priority initiatives.<\/p>\n<p>Security automation accelerates response times and reduces the impact of breaches. Organizations using these tools extensively reported faster breach identification, with the&nbsp;<strong>Mean Time to Identify (MTTI)<\/strong>&nbsp;reduced to&nbsp;<strong>118 days<\/strong>, compared to&nbsp;<strong>162 days<\/strong>&nbsp;for organizations not using these technologies.<\/p>\n<p><strong>What It Means for Canadians<\/strong><\/p>\n<p>Data breaches are not just a corporate issue \u2013 they affect everyone. When organizations lose millions to cyberattacks, it impacts Canadians through:<\/p>\n<ul>\n<li><strong>Higher Costs for Goods and Services:<\/strong>&nbsp;Businesses often pass on breach costs to consumers by increasing the prices of their goods or services.<\/li>\n<li><strong>Stolen Personal Data:<\/strong>&nbsp;Breaches frequently expose personal information, including banking details, health records, and more.<\/li>\n<li><strong>Service Disruptions:<\/strong>&nbsp;Breaches can lead to delays in shipments, cancelled appointments, and interruptions in critical services.<\/li>\n<\/ul>\n<p><strong>Recommendations for Canadian Businesses<\/strong><\/p>\n<ol>\n<li><strong>Govern and Secure AI Systems:<\/strong>&nbsp;Develop policies to manage the use of AI, prevent shadow AI, and ensure compliance with privacy laws.<\/li>\n<li><strong>Invest in Security Automation:<\/strong>&nbsp;Use AI tools to detect and contain breaches faster.<\/li>\n<li><strong>Connect security for AI and governance for AI:&nbsp;<\/strong>Investing in integrated security and governance software can help organizations automatically discover and govern shadow AI.<\/li>\n<li><strong>Expand Employee Training:<\/strong>&nbsp;Strengthen security awareness programs to minimize human error.<\/li>\n<\/ol>\n<p><strong>Additional sources:&nbsp;&nbsp;<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/www.ibm.com\/reports\/data-breach\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Download<\/a>&nbsp;a copy of the&nbsp;2025 Cost of a Data Breach Report to learn more.<\/li>\n<li><a href=\"https:\/\/ibm.webcasts.com\/starthere.jsp?ei=1726278&amp;tp_key=0445cec615\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Sign up<\/a>&nbsp;for the 2025 IBM Cost of a Data Breach webinar on Wednesday, August 13, 2025, at 11:00 a.m. ET.<\/li>\n<li>Read more about the report\u2019s top findings in <a href=\"https:\/\/insurance-canada.ca\/2025\/07\/31\/ibm-navigating-ai-security\/\">IBM\u2019s blog post<\/a>.<\/li>\n<\/ul>\n<h3>U.S. breach costs rise to US$10.22 million, despite the global average cost of a breach decreasing to US$4.44 million<\/h3>\n<h4>Meanwhile, only 49% of breached organizations plan to invest in security<\/h4>\n<p>\u201cThe data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it,\u201d said <strong>Suja Viswesan, Vice President, Security and Runtime Products, IBM<\/strong>. \u201cThe report revealed a lack of basic access controls for AI systems, leaving highly sensitive data exposed, and models vulnerable to manipulation. As AI becomes more deeply embedded across business operations, AI security must be treated as foundational. The cost of inaction isn\u2019t just financial, it\u2019s the loss of trust, transparency and control.\u201d<\/p>\n<p>However, the report did reveal that organizations using AI and automation extensively throughout their security operations saved an average <span class=\"xn-money\">$1.9 million<\/span> in breach costs and reduced the breach lifecycle by an average of 80 days.<\/p>\n<p>The 2025 report, conducted by Ponemon Institute, sponsored and analyzed by IBM, is based on data breaches experienced by 600 organizations globally from <span class=\"xn-chron\">March 2024<\/span> through <span class=\"xn-chron\">February 2025<\/span>. Key findings from the report around AI security and breaches, the financial cost of a breach, and operational disruption are as follows:<\/p>\n<p><b>Breaches and the AI era <\/b><\/p>\n<ul type=\"disc\">\n<li><b>AI Governance Policies.<\/b> 63% of breached organizations either don\u2019t have an AI governance policy or are still developing a policy. Of the organizations that have AI governance policies in place, only 34% perform regular audits for unsanctioned AI.<\/li>\n<li><b>The Cost of Shadow AI.<\/b> One in five organizations reported a breach due to shadow AI, and only 37% have policies to manage AI or detect shadow AI. Organizations that used high levels of shadow AI observed an average of <span class=\"xn-money\">$670,000<\/span> in higher breach costs than those with a low level or no shadow AI. Security incidents involving shadow AI led to more personally identifiable information (65%) and intellectual property (40%) being compromised compared to the global average (53% and 33% respectively).<\/li>\n<li><b>Smarter Attacks with AI<\/b>. 16% of breaches studied involved attackers using AI tools, most often for phishing or deepfake impersonation attacks.<\/li>\n<\/ul>\n<p><b>The Financial Cost of a Breach <\/b><\/p>\n<ul type=\"disc\">\n<li><b>Data Breach Costs<\/b>. The global average cost of a data breach fell to <span class=\"xn-money\">$4.44 million<\/span>, the first decline in five years, while the average U.S. cost of a breach reached a record <span class=\"xn-money\">$10.22 million<\/span>.<\/li>\n<li><b>Global Breach Lifecycles Hit Record Low<\/b>. The global average breach lifecycle (the mean time to identify and contain a breach, including restore services) dropped to 241 days, a 17-day reduction from the year prior, as more studied organizations detected the breach internally. Those organizations who detected the breach internally also observed a <span class=\"xn-money\">$900,000<\/span> savings on breach costs compared to those disclosed by an attacker.<\/li>\n<li><b>Healthcare Breaches Remain the Costliest<\/b>. Averaging <span class=\"xn-money\">$7.42 million<\/span>, healthcare breaches remained the most expensive across all studied industries, even as this sector saw a <span class=\"xn-money\">$2.35 million<\/span> reduction in costs compared to 2024. Breaches across this sector take the longest to identify and contain at 279 days, that\u2019s more than 5 weeks longer than the global average of 241 days.<\/li>\n<li><b>Ransom Payment Fatigue<\/b>. Last year, organizations pushed back against ransom demands, with more opting not to pay (63%) compared to the year prior (59%). As more organizations refuse to pay ransoms, the average cost of an extortion or ransomware incident remains high, particularly when disclosed by an attacker (<span class=\"xn-money\">$5.08 million<\/span>).<\/li>\n<li><b>Security Investments Stall Amid Rising AI Risks<\/b>. There was a significant reduction in the number of organizations that said they plan to invest in security following a breach, 49% in 2025 compared to 63% in 2024. Less than half of those that plan to invest in security post-breach will focus on AI-driven security solutions or services.<\/li>\n<\/ul>\n<p><b>The Long Tail of a Breach: Operational Disruption <\/b><\/p>\n<p>According to the 2025 IBM report, nearly all organizations studied suffered operational disruption following a data breach. This level of disruption is taking a toll on recovery timelines. Among organizations that reported recovery, most took more than 100 days on average to do so.<\/p>\n<p>However, the consequences of a breach continue to extend beyond containment. While down compared to the year prior, nearly half of all organizations reported that they planned to raise the price of goods or services because of the breach, and nearly one-third reported price increases of 15% or more.<\/p>\n<p><b>About the Cost of a Data Breach Report <\/b><\/p>\n<p>The Cost of a Data Breach Report has investigated nearly 6,500 data breaches over the past 20 years. Since the inaugural report in 2005, the nature of breaches has evolved dramatically. Back then, risk was largely physical. Today, the threat landscape is overwhelmingly digital and increasingly targeted, with breaches now driven by a spectrum of malicious activity.<\/p>\n<p>With the pace of enterprise AI adoption proliferating, for the first time, the Cost of a Data Breach research studied the state of security and governance for AI, the type of data targeted in security incidents involving AI, breach costs associated with AI-driven attacks, and the prevalence and risk profile of shadow AI (unregulated, unauthorized use of AI). Historical findings from past reports include the following:<\/p>\n<ul type=\"disc\">\n<li><b>2005:<\/b> nearly half (45%) of all data breaches were caused by lost or stolen computing devices, such as a laptop or thumb drive, and only 10% of breaches were due to hacked electronic systems.<\/li>\n<li><b>2015:<\/b> breaches due to cloud misconfiguration weren\u2019t even a categorized threat, today they are a leading target.<\/li>\n<li><b>2020:<\/b> ransomware began to surge, and by 2021 it accounted for an average of <span class=\"xn-money\">$4.62 million<\/span> in breach costs, and this year that number reached an average of <span class=\"xn-money\">$5.08 million<\/span> (when the incident was disclosed by an attacker).<\/li>\n<li><b>2025:<\/b> AI, which was included for the first time in the research this year, is quickly emerging as a high value target.<\/li>\n<\/ul>\n<h4 class=\"smallhead\"><b>About IBM<\/b><\/h4>\n<p>IBM&nbsp;<em>(NYSE: IBM)<\/em> is a leading provider of global hybrid cloud and AI, and consulting expertise. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs, and gain a competitive edge in their industries. Thousands of governments and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM\u2019s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM\u2019s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting deliver open and flexible options to our clients. All of this is backed by IBM\u2019s long-standing commitment to trust, transparency, responsibility, inclusivity, and service. Visit <a href=\"http:\/\/www.ibm.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">www.ibm.com<\/a>&nbsp;for more information.<\/p>\n<p class=\"referencetext\"><i>Source: IBM<\/i><\/p>\n<p> Tags: <a href=\"https:\/\/insurance-canada.ca\/tag\/artificial-intelligence\/\" rel=\"tag\">Artificial Intelligence (AI)<\/a>, <a href=\"https:\/\/insurance-canada.ca\/tag\/cyber-attacks\/\" rel=\"tag\">cyber attacks<\/a>, <a href=\"https:\/\/insurance-canada.ca\/tag\/cyber-risk\/\" rel=\"tag\">cyber risk<\/a>, <a href=\"https:\/\/insurance-canada.ca\/tag\/cyber-security\/\" rel=\"tag\">cyber security<\/a>, <a href=\"https:\/\/insurance-canada.ca\/tag\/ibm\/\" rel=\"tag\">IBM<\/a> <\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI Can Help Businesses Save Millions and Protect Consumer Data Canadian businesses are losing&nbsp;CA$6.98 million&nbsp;on average to data breaches, with impacts trickling down to consumers. Shadow AI is driving up risks, adding&nbsp;CA$308,000 per breach&nbsp;for&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[1],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts\/23896"}],"collection":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/comments?post=23896"}],"version-history":[{"count":0,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts\/23896\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/media?parent=23896"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/categories?post=23896"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/tags?post=23896"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}