Recent findings indicate that British organizations employing artificial intelligence (AI) in their cybersecurity frameworks are witnessing significant reductions in data breach costs, with savings amounting to hundreds of thousands of pounds.
This assertion is supported by the UK-specific segment of IBM’s Cost of a Data Breach Report, which was released this week. The report highlights that while fewer than one-third of UK organizations have integrated AI-driven security measures, those that did reported average data breach costs of £3.11 million per year, compared to £3.78 million for organizations that have not adopted such technologies.
The 2025 report, conducted by IBM and the Ponemon Institute, surveyed over 600 organizations globally, including approximately 8% based in the UK, that experienced breaches between March 2024 and March 2025. The extensive survey involved interviews with around 3,500 individuals who endured cybersecurity incidents.
Elaine Hanley, a partner at IBM Cybersecurity Services for the UK and Ireland, emphasized the dual-edged nature of AI in cybersecurity. She noted that organizations utilizing AI for threat detection and response significantly outperform those that do not. However, she acknowledged that cybercriminals are also leveraging AI, creating a competitive landscape where defenders must consistently adapt in real-time to counteract AI-enhanced attacks.
The IBM report reveals that UK organizations using AI and automation can detect and respond to cyber threats more rapidly. Specifically, the mean time to identify (MTTI) a breach in AI-optimized organizations was recorded at 148 days, while the mean time to contain (MTTC) dropped to 42 days. In contrast, those relying solely on traditional approaches faced an MTTI of 168 days and an MTTC of 64 days.
The Need for Enhanced Policies
While the advantages of AI-enhanced security are clear, the report indicates that UK organizations are lagging in the implementation of AI-focused security protocols. Notably, 63% of UK respondents indicated that they lacked AI-specific access controls to mitigate risks related to potential breaches against AI applications.
Additionally, only 31% of these organizations had established governance policies to regulate the use of unsanctioned, often referred to as shadow AI, by employees. Matthew Evans, Chief Operating Officer and Director for Markets at TechUK, remarked that while AI is a valuable tool for both productivity and security, it cannot serve as a standalone solution. As breaches evolve, organizations must invest in the right tools, skills, and training to effectively harness AI for their security needs.
Comprehensive Security Strategies
IBM’s findings emphasize that investment in AI is not the sole priority for organizations seeking to enhance their security posture. The report also highlights that organizations adhering to best practices in DevSecOps achieved substantial reductions in breach costs. Furthermore, investment in security analytics and security information and event management (SIEM) systems also contributed positively, albeit with comparatively less impact.
Organizations that experienced elevated breach costs were often those utilizing extensive shadow AI technologies or exhibiting increased complexity within their security architectures. Notably, breaches linked to third-party suppliers and supply chains surpassed incidents of phishing and credential theft among surveyed UK organizations.
As Hanley articulated, effective security transcends technical measures; it requires a comprehensive approach to manage third-party risks and ensure that all digital interactions uphold rigorous security standards.
Global Insights
Globally, the IBM report signifies a trend, noting that average data breach costs have declined in tandem with the UK’s findings, now averaging $4.44 million (£3.32 million). This marks the first decline since 2020.
Encouragingly, more organizations are adopting a firmer stance against ransomware, with 63% choosing not to pay demands, up from 59% in the previous year. However, a concerning trend emerged regarding post-breach investment plans; only 49% of respondents indicated intentions to increase cybersecurity spending, a notable decrease from 63% the prior year.
