
IBM: Costs of data leaks fall in Germany for the first time in five years

July 30, 2025. IBM (NYSE: IBM) today released its annual global Cost of a Data Breach Report. The 2025 edition shows that the average cost of a data breach in Germany has fallen to 3.87 million euros (approx. 4.03 million US dollars) per incident – in the previous year it was still 4.9 million euros (approx. 5.31 million US dollars). Worldwide, the average value fell to 4.44 million US dollars per incident. The lower costs are partly due to faster detection, which is made possible by the use of artificial intelligence (AI) in security operations centers (SOC).


Contact info

Silicon Saxony

Marketing, Communications and Public Relations

Manfred-von-Ardenne-Ring 20 F

Phone: +49 351 8925 886

Fax: +49 351 8925 889

redaktion@silicon-saxony.de

Contact person:

In contrast, the costs per data leak increased significantly in the USA: Companies there reported a record average of USD 10 million per incident (2024: USD 9.36 million). This is due to higher expenses for detection and escalation as well as higher fines imposed by the regulatory authorities. The Benelux countries, Canada and India also recorded slight cost increases.

AI risks are still underestimated

The lower level of damage worldwide is partly due to the use of AI-supported security software. At the same time, however, 13% of the companies surveyed reported security incidents in which AI models or applications were compromised; a further 8% did not know whether they had been affected in this way. 97% of those affected did not have adequate AI access controls in place. Most of these incidents (29%) involved third-party SaaS-based AI services, followed by internally trained solutions (26%) and open source models (26%).

When it comes to data leaks, every day counts

The time it takes to identify and contain an incident remains a key cost driver. In 2025, German companies needed an average of 170 days to identify and contain security incidents – 15 days less than in the previous year and 71 days below the global average. This means that Germany has the shortest response time of all countries and regions surveyed.

Other important findings of the report for Germany:

  • AI governance with room for improvement – 52% of German companies have guidelines in place to regulate the use of AI and to contain “shadow AI”. Although this figure is above the global average of 37%, only 39% have explicit AI access controls. Almost every second company (45%) uses strict approval processes for AI applications, which underlines the tightly meshed German regulatory environment.
  • AI-supported security solutions significantly reduce the level of damage – 63% of the organizations surveyed use AI-based security and automation tools extensively or partially (up 5 percentage points compared to 2024), according to the IBM Cost of a Data Breach Report 2025. Companies with extensive use of AI shortened the lifecycle of data breaches by 15 days (155 vs. 170) and reduced average costs by 1.35 million euros compared to companies without these technologies.
  • Industrial companies still heavily affected – As in 2024, industrial companies recorded the highest average costs per incident (2025: 6.67 million euros; 2024: 9.34 million euros), followed by pharmaceutical companies (4.62 million euros) and financial service providers (4.46 million euros).
  • Most important gateway: supply chain and third parties – In 16% of German cases, initial access was via the supply chain or third-party systems, costing an average of 4.52 million euros. Phishing was in second place with 14% and 4.15 million euros in damage. Denial-of-service attacks (also 14%) caused an average of 3.14 million euros. Stolen or compromised login data fell from 20% (1st place in the previous year) to 8% (5th place), but still caused 4.2 million euros in damage (2024: 5.11 million euros).

“The first decrease in the amount of damage caused by data leaks in five years is good news for German companies,” said Christine Barbara Müller, Partner & Head of Security Services DACH at IBM Germany. “This shows that the race against increasingly sophisticated attackers is far from over. The investments made in recent years in sophisticated AI-based security systems are paying off, and IT teams are using them effectively against increasingly sophisticated attacks. It is also positive that German companies are able to detect and contain cyber attacks comparatively quickly. Nevertheless, we must not rest on our laurels: AI applications and the underlying infrastructure have gained strong strategic importance in many companies and must be even better secured at data, model and access level. In addition, the use of shadow AI by employees must be curbed in order to close this gateway for cyber criminals. Despite increasing cost pressure on companies, I still see room for improvement in these areas in Germany,” concludes Müller.

Additional insights for other countries

The Cost of a Data Breach Report 2025 also provides data from France, Italy, the United Kingdom and the Benelux countries. Here is some additional information about these countries:

  • Average duration of data breaches in days: 
    o    United Kingdom – 210 (2024: 230)
    o    Italy – 186 (2024: 218)
    o    France – 284 (2024: 294)
    o    Benelux – 253 (2024: 265)
  • Most common initial attack vector: 
    o    United Kingdom – supply chain and third-party compromise (18%)
    o    Italy – phishing 17% (unchanged from last year)
    o    France – DoS attacks, physical theft or physical security issues, human error (20%). France – DoS attacks, physical theft/physical security issues, human error by insiders via supply chains/third party providers – 13% each
    o    Benelux – Stolen or compromised credentials and human error by insiders – 15% each
  • Use of AI-based security and automation solutions (proportion of organizations using them extensively or to a limited extent, according to the report): 
    o    United Kingdom – 76% (2024: 71%)
    o    Italy – 76% (2024: 69%)
    o    France – 65% (2024: 70%)
    o    Benelux – 71% (2024: 66%)

Worldwide observations in the Cost of a Data Breach Report 2025:

  • High costs due to shadow AI – Organizations with high use of shadow AI (unregulated, unauthorized use of AI) recorded an average of 670,000 higher costs per data leak than organizations with little or no shadow AI – one of the biggest cost drivers in 2025.
  • Data leaks have long-term effects – Nearly 90% of affected organizations reported business disruptions, and only a third had fully recovered their systems at the time of the study, with most taking more than 100 days.
  • Decreasing willingness to pay ransom – According to the current study, 63% of organizations surveyed rejected ransom demands (2024: 59%). Nevertheless, the average cost of blackmail or ransomware attacks remains high – especially if the attack is disclosed by the perpetrator before the company recognizes it (5.08 million US dollars).
  • Security investments are stagnating despite increasing AI risks. Only 49% of participating companies and organizations plan additional security investments after an incident (2024: 63%). Less than half of these plan to explicitly prioritize AI-based solutions.

About the Cost of a Data Breach Report 

The Cost of a Data Breach Report is based on an in-depth analysis of more than 3,470 interviews on real-life incidents at 600 companies worldwide. The study period was from March 2024 to February 2025. The report is produced by the Ponemon Institute and sponsored and analyzed by IBM and has been an industry benchmark for two decades. It has been published in Germany for 17 years. Over time, the report has examined incidents in a total of 6,784 companies and organizations worldwide.

With the rapid spread of AI in the corporate environment, the 2025 study examined security and governance in connection with AI for the first time: What data is targeted in AI-related incidents? What are the costs of AI-driven attacks? How widespread and risky is shadow AI?

Findings from the 2005 to 2025 reports:

  • 2005: Almost half (45%) of all data leaks were caused by lost or stolen devices such as laptops or USB sticks. Only 10% of incidents were due to hacked electronic systems.
  • 2015: Security incidents due to misconfigurations in the cloud were not even classified as a threat category back then. Today, they are among the most important threats.
  • 2020: Ransomware began to spread rapidly. By 2021, these incidents caused an average cost of 4.62 million dollars per data leak. In the current report for 2025, this figure rose to an average of 5.08 million dollars if the attack was disclosed by the attackers themselves.
  • 2025: AI security was examined for the first time and is simultaneously proving to be a new, highly relevant attack surface and a driver for faster detection and lower overall costs on the company side.

Additional Information

  • Download a copy of the latest Cost of a Data Breach Report.
  • Register for the IBM webinar “Cost of a Data Breach” on Wednesday, August 13, 2025, at 5:00 pm CEST.

About IBM 

IBM is a leader in hybrid cloud, AI and consulting. We help clients in over 175 countries commercialize insights from their data, optimize business processes, reduce costs and stay at the forefront of their industry. Thousands of government agencies and organizations in critical infrastructure sectors such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift for fast, efficient and secure digital transformation. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting provide our clients with open and flexible options. All backed by IBM’s long-standing commitment to trust, transparency, accountability, inclusion and service. For more information, please visit www.ibm.com.

Disclaimer: This press release contains information from the IBM Cost of a Data Breach Report 2025. All information is provided to the best of our knowledge, but without guarantee of completeness or legal liability.

– – – – – –

Further links

👉 www.ibm.com  

Photo: IBM
