IBM found that the average data breach cost has declined in SA, reaching R44.1 million in 2025.
A data breach incident now costs South African organisations a little less than in the same period a year ago, averaging R44.1 million.
Last year, the average data breach cost per incident for local organisations stood at R53.1 million. The decline to R44.1 million in 2025 represents a nearly 17% year-on-year decrease.
The drop witnessed this year has been mainly driven by the adoption of artificial intelligence (AI)/machine learning insights, according to the 20th edition of the IBM 2025 Cost of a Data Breach Report.
Also helping to reduce breach costs locally was the adoption of data security/protection software and the shift towards DevSecOps practices, it reveals.
For businesses, data breaches result in downtime, reputational damage, loss of trust and huge financial implications (including regulatory fees and detection costs).
Like the rest of the world, South African organisations have not been immune to these attacks, as reflected in incident reports received by the Information Regulator.
Insights from the 2025 IBM report show detection and escalation remained the largest cost category at R17.5 million in SA. It was followed by lost business cost at R13.1 million, post-breach response at R12.54 million and notification costs at R0.95 million.
While total breach costs have declined, the figures underline the financial exposure South African organisations still face across the breach lifecycle, highlights the report.
“Despite the increase in the average number of breached records, the decline in breach costs is a strong signal that AI-enabled cyber defence tools are working,” says Ria Pinto, general manager and technology leader, IBM South Africa.
“As South African organisations expand their use of AI in security operations, they’re identifying and containing threats faster.
“But with attackers also leveraging AI, it is critical for local businesses to continue investing in AI security, upskilling their security teams and implementing robust AI governance practices.”
Even as the data breach expenses declined, SA’s average number of breached records increased to 23 445 versus 22 600 in 2024.
Conducted by Ponemon Institute, in partnership with IBM, the research analysed 600 global organisations, including those in SA, that suffered a data breach during the period from March 2024 through February 2025. Some 3 500 interviews were conducted with leaders from those organisations that had first-hand knowledge of what occurred, according to IBM.
Researchers looked at organisations across 17 different industries, in 16 countries and geographic regions. SA represents 4% of the total sample.
The calculation of the average cost is done according to specific parameters defined by IBM and Ponemon. Data collection methods excluded actual accounting information and instead relied on participants estimating direct costs by marking a range variable on a number line, explains IBM.
The report notes the most common initial causes of data breaches in 2025 in SA were third-party vendor and supply chain compromise, which accounted for 17% of incidents and carried an average cost of R29.6 million.
“Compromised credentials, phishing and denial-of-service attacks each made up 13% of breaches, with average costs of R48 million, R50.4 million and R38.75 million, respectively.”
While AI tools are being used for detection purposes, the report also points to the downside of some of these tools and solutions.
Unpacking this year’s key findings, IBM cyber security expert Jeff Crume explained that 13% of the organisations surveyed experienced a data breach related to AI, which then caused a ripple effect.
Of the 13% of organisations, 60% experienced a data compromise, while 31% experienced operations disruptions, he stated. “This shows that AI is not only doing some good stuff, but is also introducing new attack vectors, which shouldn’t be a surprise to anyone.”
In terms of shadow AI, Crume revealed that 20% of organisations found they had unauthorised AI implementations within their organisations. “Nobody approved this and maybe nobody was aware of it until it became a problem.”
In SA, the report found that the use of shadow AI increased the cost of a data breach by R2.2 million. This was followed by the adoption of AI tools, at R2.1 million.
The report notes that to reduce the risk of attacks on AI models, local organisations are most commonly implementing access controls on AI systems (37%).
On AI governance adoption, 47% of surveyed organisations reported having formal AI governance policies in place, with an additional 14% starting to develop them.
For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), use of AI governance technology (41%) and employee training on AI risks (37%).
Organisations that extensively used AI and security automation reported lower breach costs at R36.22 million – 32% lower than those that had no use of these measures. Those that used AI and security automation also saw a lower mean time to identify and contain.