IBM’s 2025 Cost of a Data Breach report highlighted a disturbing gap between AI implementation and the security measures that should accompany it, writes AJ Thompson, CCO of the IT services firm Northdoor plc.
IBM’s annual Cost of a Data Breach report has revealed that the average cost of a data breach has, for the first time in five years, dropped, from $4.88 million in 2024 to $4.44 million in 2025. Despite this drop, however, the report highlights several areas that businesses need to focus on in the coming months if they are to keep cybercriminals out and remain compliant. The report, conducted by the Ponemon Institute on behalf of IBM, is based on data breaches experienced by 600 organisations globally between March 2024 and February 2025.
Cost of a data breach down
Let’s start with the good news. The average cost of a data breach has reduced for the first time in five years. In 2024 the average global cost rose to $4.88 million; the 2025 report reveals that it has dropped to a slightly less staggering $4.44 million. The trend is reflected in the UK too: in 2024 the average UK cost worked out at £3.40 million, and in 2025 the figure fell to £3.29 million.
Healthcare and financial sectors remain the most expensive sectors for breaches
Perhaps not surprisingly, the healthcare and financial sectors remain the most expensive sectors for breaches. Globally, healthcare stayed at the top, with each breach measured to cost around $7.42 million, followed by the financial sector at $5.56 million. Reflecting the general trend, however, both had dropped from 2024, with healthcare in particular wiping £2.35 million off the average cost of a breach. In the UK it was the financial sector that led the way as the most expensive sector, with each breach marked at £5.74m, followed by the technology sector at £4.93m and the service sector at £4.80 million.
As we have seen from the high-profile attacks that have taken place in the UK since the beginning of the year, the threat from the supply chain and from third and fourth parties is now huge. Cybercriminals will always find the path of least resistance to their primary target. With many companies continuing to invest in frontline defences, cybercriminals have turned to the ‘backdoor’ to obtain data and access to systems.
This is reflected in the 2025 report, where a supply chain breach in the UK has been identified as the factor that adds most to the cost of a data breach, measured at £241,620. The global report also highlights the added complexity of a supply chain attack, with ‘Third-party vendor and supply chain compromise’ identified as having the longest, and therefore most costly, data breach lifecycle. With costs rising each day from compromise to resolution, supply chain attacks took on average 267 days to resolve, a full week longer than malicious insider attacks.
The cost associated with longer containment times is clear from the report. For UK companies that can identify a breach and contain it within 200 days there is a significant drop in the average cost, marked at £2.84m. For those hit by a supply chain attack, or that are simply struggling to deal with the situation, a breach that takes over 200 days to resolve pushes the cost up considerably, to £3.74m. The ability to identify where vulnerabilities lie within supply chains has to be the critical step for most organisations over the coming months. Without such insight, any spend on frontline defences is essentially negated, as companies leave the backdoor ajar.
AI: The Good, the Bad and the Ugly
The implementation of AI tools throughout businesses is rising dramatically and is expected to continue to do so over the coming years.
This has had some positive outcomes in terms of security breaches. The global report found that organisations that used AI and automation extensively throughout their security operations saved on average $1.9 million in breach costs and shortened the breach lifecycle by 80 days, a significant reduction in the disruption caused to a business. In the UK specifically, for companies using AI extensively within their security operations the average cost of a breach is £3.11m; for those with no AI or security automation the average increases to £3.78m.
However, like all trends, the implementation of AI, and particularly the unsanctioned use of AI by employees (shadow AI), can cause real issues within businesses. This is especially the case when security protocols and governance have not kept pace with the rollout of new tools. The global report found that 97 per cent of organisations that suffered an AI-related security incident involving their models or applications also lacked proper AI access controls. In the UK, the report found that 69 per cent of organisations have little or no AI or security automation in place, meaning that they face a significant rise in data breach costs.
It is also AI that seems to be driving attacks from the supply chain. As we have seen, attacks originating in third parties are increasing, and it is AI that seems to be giving cybercriminals their easiest way in. Many organisations that reported a security incident involving AI said the source was a third-party vendor and that it was delivered via Software-as-a-Service (29 per cent).
It is the ‘uncontrolled’ use of AI that is causing the most pain for organisations. With employees increasingly using AI tools in their day-to-day roles, businesses must come to grips with controlling what is used and when. The report acknowledged that many breaches originating in unsanctioned use of AI by an employee may go undetected, but among those that were identified, incidents involving shadow AI accounted for 20 per cent of breaches, seven percentage points higher than incidents originating from sanctioned use of AI. It is the 11 per cent of organisations that remain ‘unsure’ whether an incident came from shadow AI that perhaps points to the reality: many companies are still struggling to work out what AI is being used and by whom.
Like most trends, it will take time for companies to implement controls on employees using new tools; what they must be aware of, though, is that in the meantime cybercriminals will be making the most of the gap between shadow AI and the controls that should surround it.
Third-party IT consultants
Whilst the average cost of a data breach has reduced, IBM’s 2025 report has highlighted several areas that businesses need to address urgently if they are to remain secure and compliant.
None of these areas will come as a surprise to IT and security teams. So, if it is not a lack of knowledge or education within teams, how are cybercriminals still able to gain access to so many organisations? The answer, of course, is resources, with internal teams lacking the time and headcount to deal with increasingly sophisticated and numerous threats.
This is where third-party IT consultancies can help. Many organisations are turning to consultancies to plug gaps within their internal teams and to ensure that they have the right expertise to combat cybercriminal threats. With attacks coming from internal and external sources, having a team of experts on your side helps to reduce the chance of a breach and its huge associated costs: they can help identify threats, show what new threats look like and how to deal with them, implement new solutions that secure systems, highlight vulnerabilities within your supply chain and ensure compliance with an increasingly complex regulatory landscape.