The IBM Cost of a Data Breach Report is the benchmark study for understanding the financial consequences of security failures. Published annually for over two decades, it draws on hundreds of real breaches across industries and geographies. The 2024 and 2025 editions tell a story that security teams should read carefully: the most costly and slowest-to-detect breaches are not technical exploits — they are attacks against people. And AI has made those attacks dramatically cheaper to launch while the cost of being hit continues to rise.
Phishing Is the Most Expensive Way to Lose
Phishing is the number one initial attack vector, responsible for 16% of all breaches tracked in the IBM report. The average cost of a phishing breach reached $4.88 million in 2024. The average time to detect and contain it: 261 days. Social engineering breaches follow closely — $4.77 million average cost, 257 days to contain. Stolen credentials, which are frequently harvested through phishing and social engineering, take the longest of all: 292 days on average before the breach is identified and resolved.
These are not rare events. They are the most common path into an organization. And in every case, the entry point is a person — not a vulnerability in code, not a misconfigured server, but an employee who received a convincing message and took an action.
AI Has Made the Attack Dramatically Faster and Cheaper to Launch
The 2025 IBM report introduces a finding that fundamentally changes the economics of phishing: generative AI has reduced phishing email creation time from 16 hours to 5 minutes. The attacker's cost of entry has collapsed. One in six breaches now involves attackers actively using AI — 37% of those use AI-generated phishing, and 35% deploy deepfake impersonation to deceive employees at the moment of trust.
The defender's cost of failure, by contrast, has only grown. The attacker invests five minutes. The organization responds with an average of 261 days of investigation, containment, notification, and remediation — at a cost approaching $5 million. The asymmetry is not a gap that awareness training or policy updates will close.
74% of Breaches Involve a Human Element — Training Alone Does Not Stop It
IBM's data is unambiguous: 74% of all breaches involve the human element — through phishing, social engineering, credential misuse, or accidental error. Yet only 20% of employees correctly identify phishing in simulation tests, and only 11% of phishing victims actually report the incident to their security team. The detection gap is not a technology problem — it reflects the fundamental reality that humans are not reliable security controls.
The IBM report also documents the value of AI-powered defense. Organizations using AI and automation extensively in their security operations paid $3.84 million per breach on average — compared to $5.72 million for those that did not. That is a $1.88 million difference per incident, and they detected and contained breaches 98 days faster. The implication is clear: human-speed response is insufficient. Automated, AI-driven detection at the point of attack is what changes the outcome.
What Factor MTAD Does Differently
When phishing arrives on mobile — via SMS, a messaging app, or a cloned voice call — there is no perimeter tool positioned to intercept it. The message reaches the employee directly. The 261-day detection window that IBM documents is a window that opens the moment the employee engages with a malicious lure and closes only when the breach is eventually discovered — often by external parties.
MTAD closes that window before it opens. It analyzes messages, calls, and apps in real time on the device, detecting AI-generated lures, synthetic voice signatures, and behavioral patterns that signal a social engineering attempt — before the employee responds. The IBM data quantifies what it costs to detect a breach after the fact. MTAD is built to prevent the breach at the moment it is attempted.