“If they don’t feel like the organization is able to protect them or customers in the event of a breach, or that they blame their employees for a breach, then they’re likely going to start looking for jobs elsewhere because it creates a bit of a hostile environment for them,” she says. “It is very important for organizations to recognize that they need to accept responsibility and protect both their employees and their customers.”
Taking a DevSecOps approach to software development was the No. 1 factor that reduced breach costs, according to the report, ahead of use of AI and machine-learning insights. Running a security information and event management (SIEM) platform for detecting and responding to threats rounded out the top three factors.
One in five organizations (20%) said they suffered a breach due to security incidents involving shadow or unsanctioned use of AI tools. Shadow AI is starting to rival supply chain breaches and security system complexity as a leading factor in exacerbating breach costs, according to the report.
Security AI and automation
In the face of staff and skills shortages, CISOs are increasingly turning to AI and automation to close the gap.
According to IBM’s latest report, the average cost saving per breach for organizations using security AI and automation tools was $2.22 million, up from $1.76 million in 2023.
UK organizations using AI and automation across their security operations saw data breach costs drop to £3.11 million per year, much lower than the £3.78 million average cost for those not using these technologies. Less than one-third of UK organizations were making extensive use of AI technologies in their security operations, up slightly from last year’s figures.
In the UK, organizations reporting extensive use of security AI and automation achieved a mean time to identify (MTTI) and contain (MTTC) data breaches of 148 and 42 days, respectively — cutting breach response by 42 days compared to those not using these technologies (168 and 64 days).
AI can sift through massive volumes of data in real time, flag suspicious behaviour, and even take immediate containment actions, often before a human analyst can react.
“This is the difference between responding in hours versus days, which results in lower costs,” says Craig Watt, threat intel analyst at Quorum Cyber. “But AI still doesn’t eliminate the breach.”
Watt adds: “Automation may buy time, but it’s not yet curbing the broader financial fallout.”
Ensar Seker, CISO at threat intelligence platform vendor SOCRadar, agrees that security AI and automation can be effective in reducing breach response times, largely by enabling faster detection, containment, and remediation without waiting for manual intervention.
“Organizations that have integrated AI-driven threat detection with automated response workflows can cut incident lifecycles dramatically, which directly impacts breach costs by limiting the window of damage,” Seker says.
However, these benefits are uneven. “Companies without mature processes or the right data pipelines often don’t realize the full gains AI promises,” Seker warns.
Security incidents involving an organization’s AI infrastructure remain limited — for now. On average, 13% of organizations reported breaches that involved their AI models or applications. But among those that experienced an AI-related security incident, almost all (97%) lacked proper AI access controls.
The most common of these security incidents occurred in the AI supply chain, through compromised apps, APIs, or plug-ins. These incidents sometimes had a cascading effect, leading to broader data compromise (in 60% of cases) and operational disruption (31%).
Preparedness is key to managing data breach costs
There was a significant reduction in the number of global organizations that said they plan to invest in security following a breach (49% in 2025 compared to 63% in 2024). Less than half of those that plan to invest post-breach will focus on AI-driven security solutions or services.
No matter the specific costs involved, experts agree that preparedness is key to mitigating the financial repercussions of a breach.
“Faster incident response continues to be a clear driver for lowering the cost of a breach,” UST’s Dutile says. “The worst losses are those that go undetected for an extended time or have a slow or ineffective response.”
Modern cybersecurity requires a post-breach mindset which understands that, eventually, a successful data breach is going to occur, Forrester’s Mellen adds.
“Operating under those conditions, you need to figure out how you’re going to handle that and build your resiliency to respond better and faster. This isn’t just about the security function either, and it needs to be spread across an organization, considering what marketing is going to do, what sales is going to do, etc. — how, as a business, you can demonstrate you value your customers and that you want to make it right as quickly and effectively as possible,” she says.