Financial data breaches: key highlights from 2025
This blog post draws on the financial sector data subset of the IBM Cost of Data Breach Report 2025, a global study analysing breach costs, causes, and security practices across industries. Here, we focus exclusively on insights relevant to financial services, supplying CISOs and executives with actionable, sector-specific cyber risk intelligence.
In 2025, financial organisations faced average breach costs of $5.56 million, 25% higher than the global average, despite a slight 9% improvement compared with 2024. AI-driven attacks occur in roughly one in six financial breaches. While 62% of financial firms have AI governance policies, 38% are still developing theirs. Phishing, supply chain compromise, and denial-of-service (DoS) attacks remain the most common intrusion methods.
Costs and causes of financial data breaches
Breaches in financial services are among the costliest worldwide. The average breach cost is $5.56 million, second only to healthcare, significantly exceeding the global average of $4.44 million.
The average cost of a breach involving shadow AI is approximately $4.63 million. Ransomware-linked breaches cost approximately $5.14 million.
Malicious attacks cause 51% of breaches, followed by IT failure (30%) and human error (19%). Recognising these causes is critical to developing balanced security measures covering technology and personnel.
AI and financial data breach risk management
AI adoption is increasing, but governance gaps persist. 62% of firms have formal AI governance policies; 38% are still developing them.
To conduct AI risk assessments, 60% of firms use internal risk assessment teams, 37% use third-party audits, and 33% employ automated tools. 16% of financial organisations are not currently assessing AI evasion risks, which increases their exposure.
Security incidents involving shadow AI affect 20% of firms; 13% report a security incident on an AI model or application. Importantly, 97% of organisations without proper AI access control suffer AI-related breaches. AI-driven attacks account for about one in six breaches.
Detection, response, and attack patterns in financial breaches
Financial firms detect breaches in 157 days on average. This is faster than the global 181-day average. They contain breaches in 45 days compared to 60 days globally. Phishing leads as an attack method (16%), followed by supply chain compromise (15%) and DoS attacks (13%). This diversity underscores the need for comprehensive defences.
Practical strategies to mitigate financial data breaches
Regular AI model audits occur at 30% of all financial firms (26% among organisations that had a security incident on an AI model). Adoption of training data validation and adversarial testing ranges from 24% to 27%, revealing opportunities for improvement.
Extensive use of AI security tools and automation by 36% of financial organisations accelerates breach detection and containment to reduce costs, with these organisations saving an average of $1.9 million.
FAQs on financial data breaches
- What is the average cost of a financial data breach in 2025?
  $5.56 million, 25% higher than the global average.
- How common are AI-driven attacks in finance?
  They account for about 1 in 6 breaches.
- What additional costs do shadow AI breaches incur?
  The average cost of a breach involving shadow AI is $4.63 million.
- How prevalent are AI governance policies among financial firms?
  62% have policies; 38% are still developing them.
- What are average detection and containment times?
  Detection: 157 days; containment: 45 days.
- What causes most financial breaches?
  Malicious attacks (51%), IT failures (30%), human error (19%).
- What attack vectors are most common?
  Phishing (16%), supply chain compromise (15%), denial of service (13%).
- How do firms manage AI risks?
  Through governance, regular audits, risk assessment, and automation.
- How does automation reduce breach costs and time?
  Extensive AI and automation save around $1.9 million and shorten breach lifecycles.
- What strategies prevent AI-related breaches?
  Strong access controls, risk assessments, and ongoing monitoring are critical.
Strengthening cyber security after a financial data breach
Financial cybersecurity risks blend longstanding threats with evolving AI challenges. Leaders must implement strong AI governance, conduct comprehensive risk assessments, and harness AI-powered automation for detection and response. These measures limit financial and reputational damage while maintaining trust.