AI-enabled cybersecurity lowers SA data breach costs

The average cost of data breaches declined in 2025 as artificial intelligence (AI), machine learning (ML) and automation helped security teams to identify and contain breaches faster.

That was a key takeaway from IBM’s 2025 Cost of a Data Breach Report which found out that the average cost of a data breach for South African organizations was 44.1 million South African rand (US$2.45 million) in 2025, an almost 17% year-over-year decrease compared to R53.1 million ($2.95 million) in 2024.

For the first time in five years, the global average cost of a data breach also dropped 9%, from $4.88 million in 2024 to $4.44 million in 2025.

According to the report, three key factors helped reduce breach costs in South Africa: the adoption of data security or protection software, increased use of AI-ML driven insights, and the shift toward DevSecOps (development, security and operations) practices.

However, the average number of breached records increased to 23,445 vs. 22,600 in 2024.

“Despite the increase in the average number of breached records, the decline in breach costs is a strong signal that AI-enabled cyber defense tools are working. As South African organizations expand their use of AI in security operations, they’re identifying and containing threats faster,” said Ria Pinto, general manager and technology leader at IBM South Africa.

IBM warned that while AI is helping drive down data breach costs attackers are also using generative AI (GenAI) to create and scale realistic phishing and deepfake attacks.

“With attackers also leveraging AI, it is critical for local businesses to continue investing in AI security, upskilling their security teams, and implementing robust AI governance practices,” Pinto added.

The cost of data breaches in South Africa

In South Africa, detection and escalation remained the largest cost category at R17.5 million ($971,330).

This was followed by lost business costs at R13.1 million ($727,110), post-breach response at R12.54 million ($696,030) and notification costs at R950,000 ($52,730).

IBM said that while total breach costs have declined, the data underlines the financial exposure South African organizations still face across the breach lifecycle.

Sector-specific costs remained elevated in 2025 with South Africa’s financial sector experiencing the highest total cost of a breach at R70.2 million ($3.9 million). This follows the hospitality sector at R57.5 million ($3.2 million) and services-focused businesses at R56.76 million ($3.1 million).

The most common initial causes of data breaches in 2025 were third-party vendor and supply chain compromise, which account for 17% of incidents and carried an average cost of R29.60 million ($1.64 million).

Compromised credentials, phishing and denial-of-service attacks each made up 13% of breaches.

AI’s impact on breach costs

The report found that globally one-in-six breaches involve AI-driven attacks, most often for AI-generated phishing (37%) and deepfake impersonation attacks (35%).

To reduce the risk of attacks on AI models, 37% of organizations surveyed in South Africa said they are implementing access controls on AI systems.

Around 47% of surveyed organizations reported having formal AI governance policies in place, with an additional 14% starting to develop them.

For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), use of AI governance technology (41%) and employee training on AI risks (37%).

Organizations that extensively used AI and security automation reported 32% lower breach costs than those that had no use of AI and security automation.

Those that used AI and security automation also saw a lower mean time to identify (MTTI) and mean time to contain (MTTC) breaches.

The 2025 Cost of a Data Breach Report analyzed real-world data breaches from over 600 organizations worldwide from March 2024 through to February 2025. The South African sample made up 4% of the total global sample.

Conducted by Ponemon Institute and sponsored and analyzed by IBM, the report has investigated nearly 6,500 data breaches over the past 20 years.