The IBM Cost of a Data Breach Report 2025 makes one thing clear: the inbox remains the entry point for the most common and devastating data breaches today.

Phishing is once again the leading initial attack vector, averaging $4.8 million in breach costs. Vendor compromise and account takeover follow closely, with breach costs nearing $5 million and containment timelines often exceeding 250 days. Despite the noise around emerging threats like deepfakes or AI model poisoning, IBM’s data shows that many of today’s most damaging breaches still begin with a simple, well-timed email.

Below, we break down the data that matters most for defenders confronting today’s most advanced, AI-powered email threats.

After years of being eclipsed by stolen credentials, phishing is again the most common entry point for data breaches, accounting for 16% of incidents analyzed. The IBM report found that on average, these breaches take 254 days to detect and contain.

One reason for the spike is velocity. According to IBM, generative AI has reduced the time to write a convincing phishing email from as long as 16 hours to just 5 minutes, dramatically increasing both scale and personalization. That speed translates to higher click rates from employees, more compromised inboxes, and expensive remediation.

Despite decades of awareness training and basic filtering, phishing continues to thrive because it now targets what many tools don’t analyze: behavior. Static rules can’t detect a compromised vendor suddenly changing payment information or a CFO being impersonated during travel. Given their success rate, bad actors will continue to center their phishing campaigns around the human vulnerability.

While attackers are rapidly adopting AI to automate and evolve their techniques, the report also shows a clear payoff for defenders who do the same.

Organizations that used AI and automation extensively reduced breach costs by nearly $1.9 million compared to those that didn’t, while identifying and containing breaches 80 days faster. The difference is stark: an average breach cost of $3.62 million for AI adopters versus $5.52 million for those without.

The takeaway isn’t simply that AI helps. It’s that AI works best when integrated deeply into the security lifecycle, fueling proactive detection, rapid investigation, and autonomous response to each flagged message. Point solutions and after-the-fact forensics can no longer cut it, and human SOC teams can’t be expected to keep up with AI-powered threats manually. Prevention now requires insight into patterns, relationships, and intent.

While phishing may initiate the attack, vendor compromise and account takeover often magnify the damage. IBM classifies these attacks under third-party supply chain breaches and malicious insider threats—two of the most expensive breach categories, each averaging $4.9 million in breach costs per incident.

These types of attacks also took the longest to resolve. Supply chain breaches required 267 days on average, largely due to how easy they are to conceal. A bad actor impersonating vendors rarely behaves in visibly malicious ways. The emails look familiar. The documents are expected. The requests seem routine, until payments vanish and stolen credentials provide new opportunities for wider breaches.

In these scenarios, identity alone is no longer a reliable trust signal. Behavior is. That’s why security strategies focused on analyzing relationships, context, and communication patterns are quickly becoming the new standard.

One of the clearest trends across this year’s report is the relationship between time and cost. Breaches identified and contained in under 200 days averaged $3.87 million, while those that lingered past 200 days cost $5.01 million, a 29% increase.

How a breach is discovered also plays a critical role in its overall cost. When internal security teams detected the incident, the average cost was $4.18 million. But when the breach was first disclosed by the attacker, often through extortion demands or public data leaks, the cost jumped to $5.08 million. That difference reflects lost response time, reputational damage, and the broader impact of a threat actor operating undetected until they choose to go public.

In both cases, speed of detection makes the difference. And that speed increasingly relies on AI—not as a supplement, but as the central engine for threat identification and triage.

At Abnormal, we see the IBM Cost of a Data Breach Report 2025 report as a clear validation of our core belief: behavioral intelligence, powered by AI, has become absolutely essential in securing cloud email environments.

The economics of breach response are only getting worse. In the United States, the average cost of a data breach surged past $10.2 million, more than double the global average. IBM attributes the rise to steeper regulatory penalties, longer detection timelines, and broader operational fallout.

While attacker speed accelerates, organizational readiness continues to lag. Only 32% of organizations use AI extensively in their security programs, and nearly two-thirds lack an AI governance policy. The gap between threat sophistication and defensive maturity continues to grow, and the consequences are increasingly measured in millions of dollars.

Abnormal is built to stop the high-cost email attacks at the center of IBM’s findings. By modeling the behavior of every employee and vendor, Abnormal detects the subtle deviations that reveal social engineering and account compromise before an attacker can misdirect payments, steal data, or trigger months of costly incident response.

The new IBM data leaves little ambiguity: attackers are successfully leveraging AI and exploiting human behavior to launch increasingly devastating campaigns. But the data also points to a clear path forward. Organizations that fully leverage AI in their security stack are containing threats faster, reducing breach costs by millions, and building a measurable advantage in the fight against modern email attacks.

Ready to prevent expensive cloud email breaches and improve response time with AI-native solutions? Book your Abnormal demo now.