Euro Security commentary on the IBM study ‘Cost of a Data Breach 2025’

According to the latest IBM report, the average cost per data breach in Germany has fallen significantly for the first time in years – from 4.9 million to 3.87 million euros. Is this cause for celebration? Only to a limited extent.

The decline shows that investments in cyber security – especially in AI-supported detection and response – are having an effect. Security Operations Centres (SOCs) that use AI effectively are particularly good at detecting incidents quickly and thus limiting the damage. This confirms a trend: early detection is crucial.

But the report also reveals the flip side: AI itself is increasingly becoming a target. Around 13% of companies have already reported compromised AI models – mostly due to insecure third-party SaaS solutions or inadequate access controls. And almost one in ten companies does not even know whether it has been affected.

This shows that AI does not automatically mean greater security – it can itself become a vector for attack if used without protection. Companies must therefore not only automate their protective measures, but also secure the AI systems they use. This includes robust access controls, risk assessment of third-party services and the protection of training data and models.

Conclusion: The decline in the amount of damage is a positive sign – but it is not a green light. Anyone who uses AI must also protect AI. Only then will it remain a lever for greater security – and not a new gateway.