Trust & Security

AI and Automation Saved Organizations $2.2 Million Per Breach in 2024. Here Is What That Number Actually Means.

IBM's 2024 breach report found that organizations using AI and automation extensively saved $2.2 million per breach on average. The business case is real. So are the limits. And the attacker-side problem the number does not capture.

2026-05-14 · 7 min read

I have been reading the IBM Cost of Data Breach Report for the past few weeks and the number that keeps pulling me back is not the headline. The headline is $4.88 million average breach cost in 2024, a 10% increase and the largest single-year jump since the pandemic, reported at https://www.ibm.com/reports/data-breach. That number is alarming enough. The number buried two pages later is the one with the most direct organizational implication: companies that extensively deployed AI and automation in their security functions saved $2.2 million per breach compared to companies that did not. That is not a rounding error. It is nearly half the average breach cost, and it is one of the clearest financial cases for a specific security investment I have encountered in recent industry data.

I want to be precise about what IBM means by "extensively deployed" AI and automation here, because the phrase can cover a lot of ground. IBM is measuring the deployment of AI and machine learning in security operations: things like AI-driven alert triage in SIEM platforms, automated playbook execution in SOAR systems, behavioral analytics for anomaly detection, and machine learning models that correlate events across large datasets to surface real incidents faster. It is not measuring AI-generated security policies or AI-written threat reports. It is measuring AI applied to the detection and containment workflow, where the output is faster response times and fewer analyst-hours spent on false positives.

The mechanism behind the savings is speed. IBM also found that organizations detecting breaches internally, rather than learning about them from an attacker disclosure or a third-party notification, shortened the breach lifecycle by 61 days and saved approximately $1 million. Those two findings connect directly: AI accelerates internal detection in environments where alert volume is too high for human analysts to process manually. A modern security information and event management system ingesting logs from cloud infrastructure, endpoints, identity systems, and network devices produces millions of events per day. Almost none of them are real incidents. Human analysts cannot triage a million events. AI models trained on historical attack patterns can filter, correlate, and prioritize in ways that surface real signals faster than any analyst working through a queue alone.

I want to use absorptive capacity (Cohen and Levinthal 1990) to explain why the $2.2 million savings is not uniformly available to organizations that want it. The theory describes an organization's ability to recognize, assimilate, and apply external knowledge, and argues that this ability depends on the organization's existing knowledge base and internal processing structures. AI security tools are external knowledge artifacts. Organizations that have mature security operations, experienced analysts who understand the domain, established data pipelines feeding the SIEM, and defined playbooks for incident response can absorb and apply AI tooling effectively. Those organizations had the foundation to recognize what the AI output means, act on it correctly, and improve the system over time.

Organizations without that foundation cannot absorb the same tooling at the same return. A SIEM with AI alert prioritization is only useful if analysts understand what the prioritized alerts mean and have the process to investigate them quickly. A SOAR system that automates playbook execution is only useful if the playbooks were good to begin with. Organizations that deploy AI security tooling on top of an immature security operations function will get noisy alerts they do not know how to handle, or automated responses that are poorly tuned to their environment, or dashboards that nobody has the expertise to read. The $2.2 million savings number is an average across organizations with different absorptive capacities. The organizations driving that average upward are the ones that had the prior knowledge base to make use of the tools.

The staffing shortage connection sharpens this. IBM found that organizations with severe security staffing shortages faced breach costs averaging $1.76 million higher than organizations with adequate staffing. Read those two numbers together: AI and automation save $2.2 million, and staffing shortages cost $1.76 million extra. If you are a security organization that cannot hire enough people, AI tooling is not just a productivity improvement. It is a partial substitute for capacity you cannot staff. The SIEM that AI-filters a million events down to the fifty most likely real incidents is doing analytical work that would otherwise require analysts who are not available in the labor market. That multiplier effect is the primary value proposition, and it is real under the right conditions.

There are real limits to that proposition, and I want to be honest about them. AI security tools require training data that reflects the organization's own environment. A model trained on generic attack patterns may perform poorly against adversaries who have done reconnaissance on the specific target and tailored their approach. False positives are a significant operational problem: an AI system that flags too much trains analysts to ignore flags, which is worse than no flagging at all. The most sophisticated attacks, the kind that unfold slowly over weeks or months using legitimate tools and normal-looking behavior, look like normal activity for most of their lifecycle. AI excels at detecting known patterns at scale. It is weaker at detecting novel behavior with no precedent in the training data. Security architects who understand system design and can model attacker logic are not replaceable by any current AI system.

There is also an attacker-side AI problem that the savings number does not capture. The same period that produced the $2.2 million savings figure saw AI being used to generate more convincing phishing content, to automate reconnaissance, and to generate malware variants that evade signature-based detection. I want to be careful here because I have not verified specific detection rate comparisons from a primary source. The directional claim, that AI makes attacker tooling more effective and more accessible to actors who previously lacked technical sophistication, is consistent with what security practitioners are reporting. The net effect of AI on the security landscape is not unambiguously positive for defenders. It is a capability that benefits whichever side uses it more effectively, and that is not guaranteed to be the defender.

Gartner projects worldwide information security spending at $213 billion for 2025, at https://www.gartner.com/en/newsroom. That is the budget context inside which the $2.2 million savings figure lives. At $213 billion in annual spending, marginal investment in AI tooling that reduces breach cost by nearly half the average looks like a compelling allocation. The problem is that most of the $213 billion continues to flow to traditional categories: endpoint protection, identity management, network security, compliance and risk management. AI security is a growing slice but not the dominant one. Organizations buying AI security tooling often layer it on top of existing tool sprawl rather than replacing anything, which means they are paying both the old cost and the new cost without necessarily getting the integration that makes AI tooling effective.

What the IBM data is actually pointing at, in my reading, is something more structural than a technology recommendation. Organizations that invest in faster detection and response capabilities, whether through AI tooling, better staffing, cleaner data pipelines, or more mature playbooks, get materially better outcomes. AI is one path to faster detection, but it works best when it is integrated into a security operations function that already has the people and processes to act on what it finds. The $2.2 million savings is not from the tool in isolation. It is from the combination of the tool and an organization with the absorptive capacity to use it. That is the finding I wish the IBM report stated more directly, because the marketing around AI security tools tends to imply the savings come from the purchase, not from the organizational capability behind it.

---
claims_checked:
- "AI and automation saves $2.2 million in breach costs on average": "https://www.ibm.com/reports/data-breach"
- "Internal detection shortens lifecycle by 61 days, saves approximately $1 million": "https://www.ibm.com/reports/data-breach"
- "Average breach cost $4.88 million, 10% increase, largest jump since pandemic": "https://www.ibm.com/reports/data-breach"
- "Severe staffing shortages add $1.76 million to breach costs": "https://www.ibm.com/reports/data-breach"
- "Information security end-user spending 2025: $213 billion (Gartner)": "https://www.gartner.com/en/newsroom"
- "Absorptive capacity theory, Cohen and Levinthal 1990": "foundational IS theory, no URL required"
claims_unverified:
- "AI-generated phishing emails detection rates: directional claim hedged as practitioner-reported; no primary study cited"
- "AI being used for attacker reconnaissance and malware variant generation: directional claim hedged as consistent with practitioner reporting"
- "Specific vendor SIEM accuracy marketing claims: intentionally excluded; skepticism noted in text"
sources_used:
- "https://www.ibm.com/reports/data-breach"
- "https://www.gartner.com/en/newsroom"
word_count: 1090


About the author

Ali Safari
PhD Student in IS, University of North Texas

Researching AI governance, trust in intelligent systems, and agentic AI. Writing while studying for comps.
