IBM Cost of a Data Breach 2025 Report

by SPAC Alliance | September 2025 | Access Control, Library, Physical Security

The 2025 IBM Cost of a Data Breach report confirms the trend: physical failures have caused almost 9% of successful attacks since 2020. It is a strong reminder that information systems must be protected within each entity through strict access control policies.

This average, which has increased this year, illustrates how relevant the paradigm introduced by the NIS2 and CER directives is. Their requirements can help all entities reach the necessary security levels—from the gate to the most critical areas—and prevent or at least mitigate the consequences of attacks.

Data breach cost is decreasing

With better maturity levels, training, awareness programs and, of course, incoming laws, the report indicates a 9% fall in costs (to $4.44 million), thanks to improved security automation and AI-driven monitoring/response systems.

One of the few countries where this cost increased is the USA, with an average of $10.22 million (+9%), which keeps it in the lead on that point.

Artificial Intelligence, for good and for bad

While AI can help build better security systems and reduce costs, it is also used by attackers (1 in 6 breaches involved AI) through phishing or deepfakes. Both the low cost and the near-zero technical skills required boost the volume of attacks.

86% of entities with operational disruption

86% of entities announced they had to deal with an operational disruption affecting sales, services, or production. Almost half of them admitted raising prices to offset these costs. Another alarming figure is the recovery time required (when it is even possible), which ranges from 100 to 150 days.