The global average cost of a data breach has dropped for the first time in five years, although not in Canada, a new report indicates.
Although global costs are declining due to less time taken to investigate breaches resulting in shorter breach life cycles, cyberattack costs in Canada have increased, the report indicates.
Organizations in Canada paid an average of $6.98 million per data breach in 2025, which is a 10.4 percent increase from $6.32 million in 2024.
Costs in Canada are higher due to an increase in detection and escalation expenses, which include costs for forensic investigators, regulatory responses, legal counsel, and crisis communications, IBM Canada’s security delivery leader Daina Proctor said.
Breach detection costs amount to $470,000 on average in Canada, while post-breach recovery costs are approximately $270,000. Meanwhile, Canada is also facing rising costs as a result of “slower adoption of AI-driven defences and governance gaps,” Proctor said.
Organizations “extensively” using AI and automation report average data breach costs of $5.19 million, while those not using these tools report average breach costs of $8.53 million, the release says.
“Additionally, these technologies helped organizations achieve faster detection and containment, shortening breach lifecycles by 59 days for those using them extensively,” IBM says.
“AI tools automate manual cybersecurity tasks, including across threat detection and response, allowing security teams to focus on higher-priority initiatives.”
Shadow AI
The report also found a increase of “unsanctioned AI,” known as shadow AI, which it says can amplify risks, escalate costs, and expose sensitive consumer data and is often introduced by employees using AI systems that are not approved by their employer in order to boost their productivity.“The use of shadow AI was also found to be a top breach cost driver for Canadian businesses, with breaches involving shadow AI increasing costs by $308,000,” the release says.
Around 20 percent of the organizations studied noted they suffered a data breach due to security incidents involving shadow AI. Using shadow AI added $967,011 on average to breach costs and led to more personal identifiable information and intellectual property being compromised, according to global organizations that faced high levels of shadow AI.
Most Expensive Breaches
The most expensive breach costs in Canada were experienced by the financial sector with an average of $9.97 million in costs this year, which is a 7.4 percent increase from $9.28 million last year.Industrial sector breaches averaged $8.39 million, while pharmaceutical breaches cost on average $7.99 million, the release says.
When organizations face millions of dollars in costs from cyberattacks, the impacts on Canadians include higher costs for goods and services, stolen personal data, and service disruptions.
The report recommends that Canadian businesses develop policies to manage the use of AI, prevent shadow AI, and ensure compliance with privacy laws. They can also invest in security automation, using AI tools to detect and contain breaches more quickly.
In addition, businesses are advised to invest in integrated AI security and AI governance software and expand employee training to strengthen security awareness and minimize human error.







