Cutting cyber risk in an AI era – and data privacy’s role
Cutting cyber risk in an AI era – and data privacy’s role
https://www.weforum.org/stories/2026/06/update-data-privacy-tools-cybersecurity-risk-ai-era/
Publish Date: 2026-06-15 16:34:00
Source Domain: www.weforum.org
- The speed at which new technology operates means AI-enabled workflows could expose an organization’s internal data to a cyberattack in seconds.
- Last year, for example, companies paid an estimated $4.44 million per data-breach incident, according to research by IBM and Ponemon Institute.
- But a zero-trust architecture creates stronger identity-centric security controls and faster breach containment, which could lower data-breach costs.
In cybersecurity, the most persuasive arguments are often about cost.
In 2025, the global average data-breach cost to companies was estimated at $4.44 million per incident, according to research by IBM and Ponemon Institute. In particular, healthcare breaches averaged $7.42 million per incident and took the longest to identify and contain. These costs are occurring at a time when artificial intelligence (AI) systems are expanding the number of human and machine actors interacting with sensitive data.
Costs matter, but so do frameworks. One of today’s dominant cybersecurity frameworks is Zero Trust Architecture (ZTA). Moving beyond the older “castle-and-moat” assumption that actors inside an organization’s network perimeter are inherently trustworthy, ZTA is based on continuous verification of users, devices, applications and workloads.
While ZTA can require significant upfront investment, the IBM-Ponemon research has shown these kinds of stronger identity-centric security controls and faster breach containment can help lower breach costs.
And so zero trust has become a foundational architectural response to cloud and identity-centric security challenges. But what happens when the tools an organization uses to protect identity, devices, networks and applications fail and data moves beyond its intended boundaries?
This is an increasingly plausible scenario in the AI era and it points to the need for data-centric controls that protect sensitive information even after it leaves the environments where access was granted.
