Global data breach costs are on a downward trend thanks to AI adoption.

As cybersecurity experts have long warned, data breaches, affecting everything from individuals' financial information to large corporations' customer data, have become one of the most severe digital threats in modern society. Thousands of breaches occur annually, compromising millions of personal records and inflicting immense economic losses on businesses. However, a recently published report shows hopeful signs of improvement. The question is how far that hope can actually raise our data security.

According to IBM's 'Cost of a Data Breach Report,' published in 2025, the average cost of a global data breach in 2024 decreased to $4.44 million. This represents approximately a 9% reduction from $4.88 million in the previous year (2023), marking the first significant decline after five years of continuous increases. This positive shift is primarily attributed to the adoption of artificial intelligence (AI) and automation technologies in the security sector. The report indicates that organizations extensively adopting AI and automation technologies saved approximately $1.9 million per breach on average compared to those that did not. This is because AI technology can detect threats early, and automated response systems can quickly contain the spread of damage.

Ironically, however, while the global average decreased, the average cost of a data breach in the United States reached an all-time high of $10.22 million. This figure is 2.3 times the global average, the combined result of stringent data protection regulations, high litigation costs, and the concentration of companies holding vast amounts of data within the U.S. Notably, the U.S. also set another record in 2024 with 3,322 data breaches. According to the Internet Crime Complaint Center (IC3) report published by the FBI in 2025, the total losses from cybercrime in 2024 amounted to $16.6 billion, a 26% increase from the previous year.
This implies that while the average cost per individual breach has decreased, the total economic damage has actually grown due to the continuous increase in the overall number of breaches. Given that the number of data breach incidents is still rising, it is clear that the overall security situation is far from reassuring.

Human Error and Third-Party Reliance Remain Significant Threats

While the adoption of AI and automation technologies has contributed to reducing data breach costs, it's crucial to recognize that these technologies are not a panacea. According to the report, 68% of all data breach incidents are still attributable to human factors: human error, social engineering, and misuse of privileges. Notably, an analysis conducted by Stanford University researchers found that 88% of all breaches were caused by human mistakes. From simple password management errors to information leaks via phishing emails, unauthorized device connections, and non-compliance with security protocols, instances where humans act as the weakest link continue to rise. No matter how advanced AI becomes, it alone cannot completely replace or eliminate human factors. Instead, as technology evolves, strengthening security awareness among individuals and organizations, regular security training, and establishing and adhering to clear security policies are more critical than ever.

Furthermore, approximately 30% of data breaches were found to be related to third parties, a figure that has doubled from the previous year. This indicates that many companies are overly reliant on external partners such as cloud service providers, IT management firms, software vendors, and collaborators, and that the security vulnerabilities of these third parties are in turn leading to the companies' own data breaches.
In the modern business environment, third-party services are essential for operational efficiency and cost reduction, but they simultaneously carry potential security risks across the entire supply chain. No matter how thorough a company's security is, if a partner or supplier's security is weak, attackers can exploit that vulnerability. Robust supply chain security management, regular evaluation and verification of partners' security levels, and clear data access privilege management must therefore become core components of corporate security strategies.

Some might interpret the recent positive signal of decreasing data breach costs as a sign that the problem is being resolved. However, it is crucial not to overlook that it still takes an average of 241 days to identify and fully resolve a data breach. Specifically, it takes an average of 181 days just to identify a breach incident, with an additional 60 days required for resolution after identification. This means that attackers can remain active within a system for approximately eight months after a breach occurs, indicating that the 'golden hour' for preventing early damage continues to pass. Prol