Supply Chain Breaches Named Top UK Threat in IBM Report – Northdoor’s AJ Thompson Urges Swift Action on AI and Third-Party Security


Northdoor’s Chief Commercial Officer has raised concerns over a critical gap between the widespread implementation of AI and the lag in corresponding security measures, warning that this disconnect leaves organisations increasingly vulnerable to sophisticated cyberattacks.

The 2025 Cost of a Data Breach report from IBM highlights this growing issue, with AJ Thompson of Northdoor plc pointing to a “worrying disconnect between AI adoption and effective cybersecurity protocols.” The report further identifies supply chain breaches as the most financially severe risk currently facing UK enterprises, reinforcing the pressing need to bolster security practices across digital ecosystems.

“Although the average cost of a data breach has decreased globally—from $4.88 million in 2024 to $4.44 million in 2025—that’s far from a reason to relax,” said Thompson. “This year’s findings make it clear that third-party risks and ungoverned AI use are the biggest blind spots for UK organisations.”

Conducted by the Ponemon Institute, the report analyses breaches from 600 organisations worldwide over a 12-month period ending February 2025. It identifies third-party and supply chain compromise as the breach type with the highest cost impact in the UK—averaging £241,620 per incident—and the longest resolution time globally, at 267 days, exceeding even malicious insider attacks.

“Cybercriminals now exploit the path of least resistance: the supply chain,” Thompson said. “Companies are investing heavily in perimeter defences, but without equal attention to third-party vulnerabilities, they’re essentially leaving the backdoor open.”

Time is Money: Containment Speed Drives Costs

The report found that UK organisations able to detect and contain breaches within 200 days faced average costs of £2.84 million, whereas those exceeding that threshold incurred costs of £3.74 million.

“That’s a staggering difference, and it highlights how critical it is to have clear visibility into potential breaches, especially from third-party vendors,” Thompson added.

AI’s Double-Edged Sword

While the report shows that organisations leveraging AI and automation extensively in their security operations saved $1.9 million globally and reduced breach lifecycles by 80 days, those benefits come with new risks.

In the UK, companies with high AI adoption saw breach costs of £3.11 million, compared with £3.78 million for those with no automation. Yet 69% of UK organisations still have little or no AI or automation in place, and shadow AI (the use of AI tools by employees without the organisation's authorisation or oversight) is emerging as a new threat vector.

“AI is powerful, but when its use is unsanctioned and ungoverned, it introduces chaos instead of control,” Thompson said. “The report found that 97% of AI-related security incidents occurred in organisations without proper AI access controls, and that 20% of all breaches involved shadow AI, higher than incidents from sanctioned AI use.”

Additionally, 11% of surveyed organisations didn’t know whether AI played a role in their breach, revealing a broader visibility issue.

Sector Spotlight: Healthcare and Financial Sectors Remain High-Risk

Thompson pointed to sector-specific vulnerabilities: “Globally, the healthcare sector remains the most expensive for breaches at $7.42 million per incident, followed by financial services at $5.56 million. In the UK, financial services leads at £5.74m per breach, with technology at £4.93m and services at £4.80m.”

“The risk is highest where the data is most sensitive—and attackers know it,” Thompson added.

Support Through Expertise

“This isn’t about a lack of expertise in IT teams—it’s about resourcing,” Thompson concluded. “Internal teams are overstretched, and external consultancies are often the fastest way to plug skills gaps, audit supply chain weaknesses, and bring AI usage under proper governance.”
