Despite AI-related breaches remaining low, nearly all businesses that reported an incident lacked proper access controls, leading to broader disruption and significant financial costs.

A VAKAV Perspective: As artificial intelligence becomes deeply embedded in enterprise operations, the conversation is shifting from "what can AI do?" to "how can we manage it safely?" AI governance is no longer an afterthought; it is a critical pillar of a modern security and data strategy. The latest IBM Cost of a Data Breach report provides alarming data on this front, quantifying the immense financial and reputational damage caused by the gap between AI adoption and oversight. This analysis highlights a challenge that we at AryaVakav are fundamentally dedicated to solving

AI applications are emerging as a high-value target for cybercriminals, and enterprise defenses are lagging, according to an IBM survey. The IT provider tapped Ponemon Institute to review data breaches at 600 organizations for its annual Cost of a Data Breach report.

Security incidents involving enterprise AI models or applications are low at just 13% of reported breaches. But of those, 97% of enterprises lacked proper AI access controls, leading to broader data compromise and operational disruption. AI-related incidents mostly occurred due to compromised apps, APIs or plug-ins.

Enterprises are also encountering AI-driven attacks, accounting for about 1 in 6 breaches. Most often, attackers are using the technology to generate phishing attempts or deepfake impersonations.

AI adoption can improve business operations and employee workflows, but it also exacerbates security risks when not governed adequately.

More than 3 in 5 enterprises said they did not have AI governance policies in place or are still in the process of developing them, according to the IBM survey. Plus, less than half of those organizations that have policies also have an approval process for deployments or perform regular audits for unsanctioned AI.

“The data shows that a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it,” Suja Viswesan, VP of security and runtime products at IBM, said in a statement.

Around 1 in 5 enterprises that suffered a breach traced it back to shadow AI. While the global average breach price tag is $4.4 million, high levels of unsanctioned AI use added about $670,000 compared with companies experiencing low levels of shadow AI.

Unsanctioned use was also tied to a higher volume of personally identifiable information and intellectual property data being compromised. Due to its destructive ability, IBM put the rise of shadow AI in the top three most costly breach factors, outpacing security skills shortages.

“The cost of inaction isn’t just financial, it’s the loss of trust, transparency and control,” Viswesan said.

Conclusion: The insights from the IBM report are a clear call to action for enterprise leaders: effective AI governance is non-negotiable. The high cost associated with "Shadow AI" and the near-total lack of access controls in breached systems demonstrate the urgent need for a secure, centralized platform. VAKAV’s suite of products, particularly Vakav Autonomous, directly addresses this challenge by providing a sanctioned, on-premises environment where AI can be used productively and safely. By embedding robust access controls and auditable oversight into our core architecture, we empower organizations to close the gap between adoption and governance, turning a potential liability into a trusted strategic advantage.

This article is a republication of a piece originally published on CIO Dive.