IBM Report Flags Supply Chain Breaches as Top UK Risk – Northdoor’s AJ Thompson Calls for Urgent Action on AI and Vendor Security

  • Northdoor's CCO highlights alarming gap between AI adoption and security controls, leaving organisations exposed to new forms of cyberattack.

    IBM’s newly released 2025 Cost of a Data Breach report reveals a worrying disconnect between AI adoption and effective cybersecurity protocols, according to AJ Thompson, Chief Commercial Officer of IT consultancy Northdoor plc. The report also ranks supply chain breaches as the most financially damaging threat to UK businesses, further underscoring the urgent need for action.

    “Although the average cost of a data breach has decreased globally—from $4.88 million in 2024 to $4.44 million in 2025—that’s far from a reason to relax,” said Thompson. “This year’s findings make it clear that third-party risks and ungoverned AI use are the biggest blind spots for UK organisations.”

    Conducted by the Ponemon Institute, the report analyses breaches from 600 organisations worldwide over a 12-month period ending February 2025. It identifies third-party and supply chain compromise as the breach type with the highest cost impact in the UK—averaging £241,620 per incident—and the longest resolution time globally, at 267 days, exceeding even malicious insider attacks.

    “Cybercriminals now exploit the path of least resistance: the supply chain,” Thompson said. “Companies are investing heavily in perimeter defences, but without equal attention to third-party vulnerabilities, they’re essentially leaving the backdoor open.”

    Time is Money: Containment Speed Drives Costs

    The report found that UK organisations able to detect and contain breaches within 200 days faced average costs of £2.84 million, whereas those exceeding that threshold incurred costs of £3.74 million.

    “That’s a staggering difference, and it highlights how critical it is to have clear visibility into potential breaches, especially from third-party vendors,” Thompson added.

    AI’s Double-Edged Sword

    While the report shows that organisations leveraging AI and automation extensively in their security operations saved $1.9 million globally and reduced breach lifecycles by 80 days, those benefits come with new risks.

    In the UK, companies with high AI adoption saw breach costs of £3.11 million compared to £3.78 million for those with no automation. Yet 69% of UK organisations still have little to no AI or automation in place, and shadow AI (unauthorised AI tool use by employees) is emerging as a new threat vector.

    “AI is powerful, but when its use is unsanctioned and ungoverned, it introduces chaos instead of control,” Thompson said. “The report found that 97% of AI-related security incidents occurred in organisations without proper AI access controls, and that 20% of all breaches involved shadow AI, higher than incidents from sanctioned AI use.”

    Additionally, 11% of surveyed organisations didn’t know whether AI played a role in their breach, revealing a broader visibility issue.

    Sector Spotlight: Healthcare and Financial Sectors Remain High-Risk

    Thompson pointed to sector-specific vulnerabilities: "Globally, the healthcare sector remains the most expensive for breaches at $7.42 million per incident, followed by financial services at $5.56 million. In the UK, financial services leads at £5.74m per breach, with technology at £4.93m and services at £4.80m."

    “The risk is highest where the data is most sensitive—and attackers know it,” Thompson added.

    Support Through Expertise

    “This isn’t about a lack of expertise in IT teams—it’s about resourcing,” Thompson concluded. “Internal teams are overstretched, and external consultancies are often the fastest way to plug skills gaps, audit supply chain weaknesses, and bring AI usage under proper governance.”
