Thursday, June 4, 2026

The Sun Nigeria

AI raises new business risks as data breach costs drop to $4.44m

By Chinenye Anuforo

A new IBM report has revealed a shift in the cybersecurity landscape. For the first time in five years, the global average cost of a data breach has dropped to $4.44 million.

However, this good news is being overshadowed by a new and dangerous threat centered on the security risks posed by artificial intelligence.

According to the report by the Ponemon Institute, breaches involving AI systems are more expensive, and 97% of organisations that had an AI breach lacked basic access controls.

“Threat actors are already starting to exploit these new vulnerabilities. AI security isn’t just an afterthought; it must be a foundational part of any security strategy”, warned Suja Viswesan, IBM’s Vice President of Security and Runtime Products.

Beyond the AI threat, the IBM report, which drew on data from 600 organizations worldwide, also brought other major trends to light. For example, human error and stolen credentials remain key factors in data breaches. Attackers are most commonly gaining access through phishing, which now accounts for 16% of all breaches.

The healthcare industry remains the most expensive target for the 14th consecutive year, with an average breach costing $7.42 million.

The United States stands alone with a record-high average data breach cost of $10.22 million. Major breaches continue to have a huge impact, such as the Ticketmaster breach of 2024, which exposed the data of 560 million customers.

While these are global trends, the cybersecurity threat is also a significant local issue. In Nigeria, for example, a new exposé from the Foundation for Investigative Journalism (FIJ) reveals a major data breach at Nigeria’s National Identity Management Commission (NIMC). In this troubling situation, sensitive data like NINs and BVNs are allegedly being sold online for as little as ₦150. This alarming breach has continued for more than a year, despite a promised investigation.

In a separate case, the Nigeria Data Protection Commission (NDPC) imposed a hefty fine of ₦766.2 million on Multichoice Nigeria. The fine resulted from an investigation that found the company unlawfully transferred Nigerian subscribers’ personal data across borders without proper consent. The NDPC concluded that Multichoice’s data processing practices were “intrusive, unfair, unnecessary and disproportionate,” constituting a fundamental violation of privacy.

Additionally, a recent report from cybersecurity firm Surfshark revealed that the country recorded over 119,000 leaked data breaches in the first quarter of 2025. This makes Nigeria one of the most affected countries in Sub-Saharan Africa. The report’s analysis showed that 10 in every 100 Nigerians have been affected by data breaches since 2004, with 23.2 million user accounts compromised.

However, the Surfshark report also noted a positive trend, with an 85% drop in the number of leaked accounts in Nigeria from Q4 2024 to Q1 2025. This is in line with a global trend that saw leaked accounts fall by 93% year-on-year.

Despite this decline, experts warned against complacency. “Cyber threats are constantly evolving, and attackers are adapting their tactics. Strong security practices, frequent password updates, and enabling two-factor authentication remain essential”, said Luís Costa, a research lead at Surfshark.

A recent conference hosted by the Committee of Chief Information Security Officers of Nigerian Financial Institutions (CCISONFI) emphasized the urgent need for a unified front against these threats. Stanley Oduah of Routelink Group stressed the importance of collaboration to empower businesses and individuals with cutting-edge cybersecurity solutions. A 2024 report had previously highlighted that Nigeria’s financial sector experienced over ₦53.4 billion in losses to cybercrime.

In response, the federal government, through agencies like the NDPC and the Nigerian Communications Commission (NCC), is taking a more active role. This is evident in the fines on Multichoice and a previous fine of $220 million on Meta. The NCC is also developing a comprehensive cybersecurity framework to protect the nation’s communications infrastructure, aligning with the country’s National Cybersecurity Policy and Strategy. Collaborative efforts are also underway, with the National Cybersecurity Conference (NCSC) 2025.

The IBM report offered a way forward, showing that AI is not just a threat but can also be a powerful tool for defense. Organisations that use AI and automation in their security operations saved an average of $1.9 million and reduced the time to fix a breach by 80 days.

Recommendations for strengthening security include eliminating common vulnerabilities, implementing a tested incident response plan, regularly backing up and restoring data, and using 24/7 monitoring services such as Managed Detection and Response (MDR).

Chester Wisniewski, a director at cybersecurity firm Sophos, noted that MDR, combined with proactive strategies like multifactor authentication, can go a long way in preventing ransomware from the start.