Companies must use AI solutions to help reduce data breach costs

By Beatriz Marie D. Cruz, Reporter

PHILIPPINE COMPANIES should use artificial intelligence (AI) solutions to strengthen their cybersecurity guardrails and lessen the cost of data breaches, according to IBM Verify Technology, a business unit of the International Business Machines Corp. (IBM).

Christopher Hockings, global outbound product manager at IBM Verify Technology, said companies must integrate AI in their cybersecurity frameworks as cybercriminals increasingly use these technologies to set up more sophisticated attacks.

“If attackers are using AI to move faster, we need to use AI to defend more quickly, too,” he told ����ý in a virtual interview.

“For example, if AI can look at more vulnerabilities at scale more quickly, then we need ways to identify those vulnerabilities more quickly and to patch and remediate them prior to an attacker exploiting them.”

In the Association of Southeast Asian Nations region, the average cost of a data breach rose by 13.6% to $3.67 million from $3.23 million last year, IBM said in its 2025 Cost of a Data Breach report.

Globally, data breach costs averaged $4.44 million, but organizations that used AI and automation extensively across their security operations saved $1.9 million in breach costs, it said.

According to Mr. Hockings, the best use cases of AI in cybersecurity include streamlining repetitive tasks, summarizing information on threats, and optimizing humans’ response time.

With the right investments, AI can also speed up detection and response to cyberthreats, he added.

“We’re already seeing that security standards that have existed are being modified to support AI scenarios.”

To effectively use AI for cybersecurity, companies must ensure full visibility and control of their identity infrastructure, he said. They must also integrate measures on data governance and compliance in their AI models.

For companies using AI robots or agents, stringent data protection and lineage measures must be implemented against cyberattacks, Mr. Hockings said.

“It’s very important that your robots or agents are well-known in terms of the models they’re using and the data they’re accessing.”

He also emphasized the importance of having a “zero trust” mindset, or that a user, device, or network can’t be granted access by default.

Companies should also implement a “human-in-the-loop” system to supervise the accuracy, safety, and accountability of AI models.

Increasing demand for AI-driven cybersecurity solutions has pushed tech vendors to integrate their products to deliver customers a more holistic view of cyber protection, he said.

He noted IBM’s recent acquisition of Hashi Corp., a software company focused on non-human and machine identity management.

This comes as non-human identity systems, such as desktop, mobile, and IoT (internet of things) devices, pose more threats than traditional or human identity domains, he said.

“Together, they deliver end-to-end security for human and non-human identities,” Mr. Hockings said. “We’re the same company now, so active collaboration and development initiatives are underway to fulfill the ambition of the acquisition.”

The Philippines ranked 16^th out of 250 countries on the most number data breaches in the third quarter with a total of 437,922 breached accounts in the period, according to cybersecurity provider Surfshark.

Among its peers in the East and Southeast Asian region, the Philippines was the second most breached country or territory.