UK witnesses drop in data breach costs as AI speeds detection

That said, less than one-third of UK organisations have deployed these technologies extensively, revealing more room for savings. 

The 2025 report – the research for which was conducted by the Ponemon Institute, with sponsorship and analysis courtesy of IBM – is based on real world data breaches experienced by 600 organisations across the globe including those in the UK. The study was conducted between March 2024 and February 2025.

Some of the key UK findings in the 2025 report include the following:

AI outpacing policy

Only 31% of the UK organisations responding to the study have governance policies in place to manage the use of AI and prevent shadow AI. Of those with these policies, the most common components include strict approval processes for AI deployments (45%) and use of AI governance technology (47%) 

Overexposed AI

Most (ie 63%) of the UK organisations which responded have reported not having AI access controls in place to reduce risks associated with attacks on AI models or applications, making these systems easy targets for bad actors

Accelerated breach response with AI

In the UK, organisations that responded and make extensive use of security AI and automation achieved a mean time to identify and contain data breaches of 148 and 42 days respectively, cutting breach response by 42 days compared to those not using these technologies (168 and 64 days)

Rising cyber threats from supply chains, phishing and credential breaches

Among surveyed UK organisations, the most commonly reported causes of data breaches were third party vendor and supply chain compromises (18%), phishing attacks (16%) and compromised credentials (11%)

Financial services breaches remain the costliest

The survey results indicate that the financial services sector remains the costliest UK industry for data breaches, with an average cost of £5.74 million in 2025P a 5% decrease from the previous year

“The data speaks for itself as organisations implementing robust AI-driven security automation are significantly reducing breach costs,” said Georgie Cohen, UK and Ireland cyber security services leader at IBM. “Yet at the same time, UK organisations are lacking the security controls and governance policies needed to protect AI systems from misuse or attacks. Now is the time to act decisively and match the investments made in AI with securely protecting the AI systems being deployed across every industry.”

Matthew Evans, chief operating officer and director for markets at techUK, stated: “IBM’s report shows a clear trend that AI technologies continue to be a great tool, not just for productivity, but also for security purposes. However, AI alone is not the answer. As data breaches become faster and smarter, people and organisations need the proper tools and skills to use AI in the right way in order to protect themselves. Lifelong learning in the form of courses, training and certifications can make the difference in supporting organisations and their employees in protecting themselves from costly data breaches.”

About the Cost of a Data Breach Report

The Cost of a Data Breach Report has investigated nearly 6,500 data breaches over the past 20 years. Since the inaugural report in 2005, the nature of breaches has evolved dramatically. Back then, risk was largely physical. Today, the threat landscape is overwhelmingly digital and increasingly targeted, with breaches now driven by a spectrum of malicious activity.

With the pace of enterprise AI adoption proliferating, for the first time, the Cost of a Data Breach research studied the state of security and governance for AI, the type of data targeted in security incidents involving AI, breach costs associated with AI-driven attacks and the prevalence and risk profile of shadow AI (unregulated, unauthorised use of AI).

*Download copies of the 2025 Cost of a Data Breach Report