The latest research from Consilium:
63% of firms globally that suffered a data breach have no AI governance policy and only 34% audit for unsanctioned AI use, according to the 2025 IBM Cost of a Data Breach Report, published on Friday.
Off the back of the report, the global Speciality (re)insurance broker, Consilium, warns brokers of the clear and urgent need to build AI governance into clients’ cyber risk frameworks before regulators, attackers or insurers force the issue.
According to the report, Shadow AI was responsible for 20% of data breaches, adding an average of USD 670k to breach costs for organisations with high levels of shadow AI. Shadow AI is the use of AI tools or models in an organisation without formal approval, oversight, or security controls – creating hidden vulnerabilities and compliance risks. Customer Personal Identification data was the most frequently compromised data (65%) as it can be used for financial, insurance and identity fraud; or sold on the dark web. Contrastingly, whilst Intellectual Property data was less frequently compromised (40%), it was the costliest at USD 178 per record.
“Most organisations have adopted AI tools now to some degree in the workplace, but few are governing it, as this latest report from IBM confirms”, warns Ethan Godlieb, Consilium’s Associate Partner leading Cyber, Tech and Fintech within its Professional & Executive Risks Division.
He continues: “The question now isn’t whether clients use AI, but how they use it. Simply relying on existing broad cyber wordings might not be enough with increasing scrutiny on AI governance. Brokers need to urge clients to audit AI usage and implement governance policies to reduce exposure, and they should consider ensuring affirmative AI coverage is included within their clients’ cyber policy wordings. Governance gaps are widening, and shadow AI is the new insider threat.”
The 2025 IBM Cost of a Data Breach Report covers 600 organisations impacted by data breaches between March 2024 and February 2025 across 17 industries and 16 countries, and includes interviews with over 3000 C-suite business leaders.
The report highlights an escalating AI arms race, with AI used both as a weapon and a shield in cyber warfare. The cost of data breaches has declined for the first time in 5 years to an average USD 4.44m, due to AI-powered defences and breach containment, but an increasing number (1 in 6) of breaches now involve AI-driven attacks such as phishing or deepfakes.
Recognised as a cyber broker champion and established authority in Cyber insurance, Ethan Godlieb joined Consilium in May from Aon. Ethan is expanding Consilium’s cyber book across class and territory, collaborating across complementary teams at Consilium to provide tailored Cyber insurance solutions and specialised risk management guidance that address the heightened cyber risks businesses of all sizes and sectors face in the current environment.
