There is the old saying that `once someone has been burgled you can sell them the best alarm’ but when it comes to cyber attacks maybe people simply see them as part of life online? For companies there is the risk of being fined by regulators, not just being held to ransom by hackers. Here’s the word from Northdoor;
A disturbing trend has emerged from the latest IBM Cost of a Data Breach Report, revealing that 51% of companies do not plan to increase their security spending after experiencing a breach. This figure marks a significant rise from 37% in 2024, raising serious concerns among cybersecurity experts.
The annual report, which analyses global data breach trends and costs, highlights this alarming pattern at a time when cyber threats are becoming increasingly sophisticated.
“The decision not to invest in cybersecurity after experiencing a breach is deeply flawed,” said AJ Thompson, CCO at Northdoor plc, a leading London-based IT consultancy specialising in data security. “A breach clearly indicates that existing security measures have failed. Without addressing these vulnerabilities, companies are simply inviting repeat attacks. This oversight is particularly costly, as our analysis shows organisations using AI and automation in their security systems save an average of $1.9 million per breach compared to those without such technologies.”
Thompson points to the rapidly evolving landscape of cyber threats as a key reason why companies must adapt their security measures. “The methods used by cybercriminals today are far more advanced than even a year ago. We’ve seen numerous high-profile attacks in 2025 that have caused severe financial and reputational damage to organisations that failed to update their security posture.”
The IBM report also found that the global average cost of a data breach has decreased to $4.4 million, primarily due to improved detection and containment capabilities. Organisations using AI and automation in their security systems saved an average of $1.9 million per breach compared to those without such technologies.
“Many companies overlook vulnerabilities within their supply chain, which can provide backdoor access to their systems,” Thompson added. “With many organisations lacking proper AI controls in their ecosystems, third-party risks have become even more pronounced in 2025. A comprehensive defensive strategy must include a thorough assessment of all potential entry points, including third-party vendors and partners.”
For organisations facing resource constraints, Thompson recommends partnering with security consultancies. “Working with security experts helps bridge gaps in expertise and personnel. These partnerships ensure ongoing security and compliance even as threats evolve and regulatory requirements change.”
The report comes as daily global cyberattacks exceed 2,200, with ransomware featuring in 44% of data breaches. Despite these statistics, only 3% of organisations have achieved mature security postures.
“The message is clear,” Thompson concluded. “Investing in cybersecurity is not an optional expense, it’s essential for survival in today’s digital landscape. Companies that fail to learn this lesson after experiencing a breach are likely to face even more costly incidents in the future.”
Be the first to comment