The latest IBM Cost of a Data Breach Report has revealed a troubling trend, showing that 51% of companies have no plans to increase their security spending even after suffering a data breach. This marks a sharp rise from 37% in 2024, sparking heightened concerns among cybersecurity experts.
The annual report, which provides an in-depth analysis of global data breach patterns and associated costs, underscores this concerning development at a time when cyber threats are growing increasingly sophisticated.
“The decision not to invest in cybersecurity after experiencing a breach is deeply flawed,” said AJ Thompson, CCO at Northdoor plc, a leading London-based IT consultancy specialising in data security. “A breach clearly indicates that existing security measures have failed. Without addressing these vulnerabilities, companies are simply inviting repeat attacks. This oversight is particularly costly, as our analysis shows organisations using AI and automation in their security systems save an average of $1.9 million per breach compared to those without such technologies.”
Thompson points to the rapidly evolving landscape of cyber threats as a key reason why companies must adapt their security measures. “The methods used by cybercriminals today are far more advanced than even a year ago. We’ve seen numerous high-profile attacks in 2025 that have caused severe financial and reputational damage to organisations that failed to update their security posture.”
The IBM report also found that the global average cost of a data breach has decreased to $4.4 million, primarily due to improved detection and containment capabilities. Organisations using AI and automation in their security systems saved an average of $1.9 million per breach compared to those without such technologies.
“Many companies overlook vulnerabilities within their supply chain, which can provide backdoor access to their systems,” Thompson added. “With many organisations lacking proper AI controls in their ecosystems, third-party risks have become even more pronounced in 2025. A comprehensive defensive strategy must include a thorough assessment of all potential entry points, including third-party vendors and partners.”
For organisations facing resource constraints, Thompson recommends partnering with security consultancies. “Working with security experts helps bridge gaps in expertise and personnel. These partnerships ensure ongoing security and compliance even as threats evolve and regulatory requirements change.”
The report comes as daily global cyberattacks exceed 2,200, with ransomware featuring in 44% of data breaches. Despite these statistics, only 3% of organisations have achieved mature security postures.
“The message is clear,” Thompson concluded. “Investing in cybersecurity is not an optional expense, it’s essential for survival in today’s digital landscape. Companies that fail to learn this lesson after experiencing a breach are likely to face even more costly incidents in the future.”
