Why 2026 will be the year of governed cybersecurity AI

The global average cost of a data breach fell to USD 4.44 million in 2025, a 9 per cent drop and the first decline in five years, according to IBM’s Cost of a Data Breach Report. On the surface, that looks like progress. Security AI and automation are finally paying dividends, compressing detection timelines and trimming investigative overhead.

But the headline number obscures a more uncomfortable reality. Organisations with extensive automation reported breach costs nearly USD 1.9 million lower than those relying on manual processes. The gap between leaders and laggards is not closing – it is widening. And the very AI tools driving those savings are introducing a new category of risk that regulators, insurers and boards can no longer ignore.

The automation paradox

Security operations centres have embraced AI with the urgency of an industry running out of analysts. Burnout-driven churn rates exceed 25 per cent ...