Breach costs hit US$10.2M in US — here’s where CFOs can cut risk


Cyber attacks are getting more expensive — and not just in IT budgets. IBM’s 2025 Cost of a Data Breach Report shows that average breach costs in the United States have reached a record US$10.22 million, up 9% from last year. Globally, the average remains steady at US$4.44 million, but the financial pressure is shifting.

The most expensive breaches increasingly involve risks within finance’s influence: shadow AI use, vendor compromise, and gaps in internal access controls. For example, unauthorized AI use added an average of US$670,000 to breach costs. Shadow AI was among the top three most costly breach factors this year, alongside complex security environments and supply chain risk. Breaches involving malicious insiders or vendor compromise each averaged nearly US$5 million — more than 10% above the global average of US$4.44 million.

CFOs aren’t just watching these trends — they’re in a position to reduce them. From liquidity protection to vendor governance, finance leaders have a direct role in managing the cost and recovery of modern cyber attacks.

What's driving breach costs higher in 2025

1. Shadow AI and internal control gaps are increasing breach costs

The report highlights how innovation is outpacing oversight — particularly with AI. Organizations that experienced breaches involving shadow AI tools faced significantly higher costs. Most lacked even basic access controls for these systems, which led to increased data exposure and longer resolution timelines.

  • +US$670K: Additional average cost from shadow AI breaches
  • US$4.92M: Average cost of malicious insider attacks
  • US$4.91M: Average cost of vendor compromise

Each exposes control gaps that finance leaders can directly influence — through policy, vendor governance, or internal access frameworks.

2. Longer recovery timelines are a working capital issue

Most breaches now take over 100 days to resolve, with 65% of breached organizations still recovering at the time of survey — up from just 12% last year, highlighting a worsening recovery burden. That means delayed billing, paused operations, and strained liquidity. For CFOs, it’s a trigger to integrate cyber scenarios into continuity planning and treasury stress tests.

3. Detection speed is directly tied to cost outcomes

Detection method remains one of the most financially material variables in the breach lifecycle:

  • US$4.18M: Cost of breaches detected internally
  • US$5.08M: Cost when attackers disclose the breach
  • US$1.9M: Average savings from using AI and automation extensively

Yet only 32% of organizations use automation widely. That’s a missed opportunity to protect margins through faster containment. Breach detection and containment are also trending faster overall, with identification time falling from 194 to 181 days and containment improving from 64 to 60 days.

Where Eftsure fits in

The most expensive breach types — vendor compromise, phishing, and business email compromise — often exploit weak vendor validation and manual payment workflows.

Eftsure helps finance teams reduce this exposure by:

  • continuously validating vendor banking details before payment
  • verifying outbound payments in real time against independently sourced data
  • monitoring transactions for anomalies that could indicate fraud or compromise

These controls extend finance’s assurance layer and operate independently of perimeter security — helping CFOs strengthen resilience even when attacks succeed.

What finance leaders should prioritize next

This year’s breach trends underscore that resilience is not just technical — it’s operational and financial. To reduce exposure and support stronger cost controls, finance leaders should:

  1. Formalize AI governance across finance and operations. Ensure tools like generative AI are approved, access-controlled, and monitored to reduce unauthorized usage.
  2. Integrate cyber risk into vendor and access governance. Make cyber risk part of vendor onboarding, offboarding, and internal access policies — not just an IT concern.
  3. Include breach scenarios in liquidity and continuity planning. Model how cash flow and vendor obligations are affected by 100+ day recovery timelines.
  4. Support automation to shorten detection and response time. Invest in automation and AI tools that can reduce breach costs by nearly US$2 million on average.
  5. Map breach cost impacts to board-level risk discussions. Quantify how cyber attacks affect profit margins, compliance exposure, and long-term financial resilience.

Finance has a frontline role in breach cost reduction

Cyber threats are revealing where traditional financial controls stop. Shadow AI, vendor compromise, and delayed recovery aren’t fringe issues — they’re key cost drivers that impact liquidity, compliance, and performance.

By taking ownership of these controls, finance leaders can play a decisive role in limiting breach impact and ensuring business continuity.

Book a demo to see how Eftsure helps finance teams strengthen controls against cyber-enabled payment threats.

Author

Catherine Chipeta

Published

5 Aug 2025

Reading Time

4 minutes
