The average data breach now costs US organizations $10.22 million — an all-time high for any country — while the global average fell to $4.44 million in 2025, the first decline in five years. The gap between those two numbers tells the real story of breach costs in 2026 (IBM Cost of a Data Breach Report 2025, Ponemon Institute).
The global decline is real but misleading in isolation. It reflects faster AI-powered detection at security-mature organizations and a shift in breach volume toward lower-cost regions. For US businesses — particularly those in healthcare, finance, and professional services — breach costs are moving in the opposite direction, driven by steeper regulatory fines, higher litigation exposure, and the hidden premium of ungoverned AI adoption.
This article aggregates data from IBM’s Cost of a Data Breach Report 2025 (the gold standard — 600 organizations, 17 industries, 16 countries, 20 years of data), the Verizon 2025 Data Breach Investigations Report, the Identity Theft Resource Center 2025 Annual Data Breach Report, and supporting research from Ponemon Institute. 46 verified data points. Every stat traced to a primary source. Updated May 2026.
The 9% global decline in breach costs is the headline — but it obscures a more important story. The improvement is concentrated in regions that have rapidly adopted AI-powered security tools and in countries where breach volume shifted toward smaller incidents. The United States moved in the opposite direction. At $10.22 million, US breach costs are now 130% above the global average — a gap that has widened every year for the past decade. Higher regulatory penalties, state-level breach notification laws across all 50 states, and greater litigation exposure all contribute. For any business operating in the US, the global average is functionally irrelevant to budgeting decisions.

| Country / Region | Avg Breach Cost (2025) | Source |
|---|---|---|
| 🇺🇸 United States | $10.22 million (all-time high) | IBM Cost of Data Breach, 2025 |
| 🌍 Middle East | $7.29 million | IBM Cost of Data Breach, 2025 |
| 🇪🇺 Benelux | $6.24 million | IBM Cost of Data Breach, 2025 |
| 🇨🇦 Canada | $4.84 million | IBM Cost of Data Breach, 2025 |
| 🇬🇧 United Kingdom | $4.14 million (£3.29M) | IBM Cost of Data Breach, 2025 |
| 🌏 ASEAN | $3.67 million | IBM Cost of Data Breach, 2025 |
| 🇦🇺 Australia | $2.55 million | IBM Cost of Data Breach, 2025 |
| 🇮🇳 India | $2.51 million | IBM Cost of Data Breach, 2025 |
| 🇧🇷 Brazil | $1.22 million (lowest tracked) | IBM Cost of Data Breach, 2025 |
| 🌐 Global average | $4.44 million (−9% from 2024) | IBM Cost of Data Breach, 2025 |
Industry is one of the strongest predictors of breach cost — not because some industries are targeted more, but because the regulatory penalties, data sensitivity, and operational disruption costs vary dramatically. Healthcare’s 15-year reign at the top is structural: HIPAA fines, the high black-market value of medical records (worth 10–40× more than credit card numbers), and life-critical system disruption combine to produce costs nearly double the global average. For any regulated industry, the IBM benchmark should be the starting point for breach cost modeling, not the global average.
Figure: Average data breach cost by industry. Source: IBM Cost of a Data Breach Report 2025 (Ponemon Institute). Healthcare leads for the 15th consecutive year.
| Industry | Avg Breach Cost | Notable Factor |
|---|---|---|
| Healthcare | $7.42 million | 15th consecutive year at top; 279-day avg lifecycle |
| Financial services | $5.56 million | 739 US incidents in 2025 (ITRC); highest volume by sector |
| Industrial / manufacturing | $5.00 million | OT/IT convergence expanding attack surface |
| Energy | $4.83 million | Critical infrastructure targeting increasing |
| Technology | $4.79 million | IP theft most expensive at $178/record |
| Supply chain / third-party | $4.91 million | Longest to resolve: 267 days avg |
| Education | $3.80 million | 66% of K-12 districts lack specialist security staff |
| Public sector | $2.86 million | Lowest avg cost; highest attack volume in some regions |
The single most controllable cost variable in a data breach is how fast you find it. IBM’s 2025 data quantifies what security professionals have long argued: every day of undetected access adds cost. At $4.44 million over a 241-day average lifecycle, that works out to roughly $18,400 per day of dwell time. Organizations that contain breaches within 200 days pay $3.87 million on average. Those that take longer pay $5.01 million — a $1.14 million premium for slow detection. The difference is almost always down to monitoring capability, not luck.
| Lifecycle Metric | Value | Source |
|---|---|---|
| Global avg breach lifecycle (2025) | 241 days (9-year low) | IBM Cost of Data Breach, 2025 |
| Days to identify a breach (global avg) | 181 days | IBM Cost of Data Breach, 2025 |
| Days to contain a breach (global avg) | 60 days | IBM Cost of Data Breach, 2025 |
| Healthcare avg breach lifecycle | 279 days (38 days above global avg) | IBM Cost of Data Breach, 2025 |
| Cost of breaches contained within 200 days | $3.87 million | IBM Cost of Data Breach, 2025 |
| Cost of breaches taking over 200 days | $5.01 million | IBM Cost of Data Breach, 2025 |
| Cost penalty for slow detection (over vs. under 200 days) | $1.14 million more | IBM Cost of Data Breach, 2025 |
| Breach lifecycle reduction with extensive AI use | 80 days faster | IBM Cost of Data Breach, 2025 |
| Organizations taking over 100 days to fully recover | 76% | IBM Cost of Data Breach, 2025 |
IBM’s 2025 report quantifies both amplifiers and mitigators precisely enough to build a defensible business case for security investment. The math is unambiguous: the top four cost-reduction controls combined can save more than the average breach costs. A tested incident response plan alone saves $2.66 million. AI and automation save $1.9 million. Zero trust architecture saves $1.76 million. Law enforcement involvement saves $990,000. Organizations with all four in place regularly see breach costs below $2 million — less than half the global average.
| Factor | Cost Impact | Source |
|---|---|---|
| Tested incident response plan | −$2.66 million saved | IBM Cost of Data Breach, 2025 |
| Extensive AI & automation in security | −$1.9 million saved | IBM Cost of Data Breach, 2025 |
| Zero trust architecture | −$1.76 million saved | IBM Cost of Data Breach, 2025 |
| Law enforcement involvement | −$990,000 saved | IBM Cost of Data Breach, 2025 |
| DevSecOps approach | −$227,192 saved | IBM Cost of Data Breach, 2025 |
| AI/ML security insights | −$223,503 saved | IBM Cost of Data Breach, 2025 |
| Security analytics / SIEM | −$212,061 saved | IBM Cost of Data Breach, 2025 |
| Shadow AI (high unauthorized use) | +$670,000 added cost | IBM Cost of Data Breach, 2025 |
| Malicious insider attack vector | +$4.92 million avg cost | IBM Cost of Data Breach, 2025 |
| Breaches spanning multiple environments | +$5.05 million avg cost (highest) | IBM Cost of Data Breach, 2025 |
Not all stolen data carries the same financial weight. Customer PII is the most commonly compromised data type — present in 53% of all breaches — because it is the most tradeable on criminal markets. But intellectual property, though stolen less often, commands the highest per-record cost at $178. Medical records sit in a category of their own: immutable personal data that cannot be cancelled or replaced, worth 10–40 times more than a credit card number on criminal markets. Understanding what data you hold is the foundation of accurate breach cost modeling.

| Data Type / Breach Characteristic | Stat | Source |
|---|---|---|
| Customer PII compromised | 53% of all breaches | IBM Cost of Data Breach, 2025 |
| Intellectual property cost per record | $178/record (highest of any data type) | IBM Cost of Data Breach, 2025 |
| Shadow AI breaches exposing PII | 65% (vs. 53% global average) | IBM Cost of Data Breach, 2025 |
| Breaches involving data across multiple environments | 30% — avg cost $5.05M, lifecycle 276 days | IBM Cost of Data Breach, 2025 |
| Organizations with operational disruption post-breach | 86% (delayed sales, halted production) | IBM Cost of Data Breach, 2025 |
| Organizations raising prices to offset breach costs | 45% (down from 63% in 2024) | IBM Cost of Data Breach, 2025 |
| Phishing as most common initial attack vector | 16% of breaches, avg cost $4.8M | IBM Cost of Data Breach, 2025 |
| Supply chain compromise avg cost | $4.91 million (267-day avg lifecycle) | IBM Cost of Data Breach, 2025 |
AI’s role in breach costs cuts both ways in 2025 — and the data is precise enough to act on. On the defense side, organizations using AI and automation extensively in security operations pay $3.62 million per breach on average versus $5.52 million for those without — a $1.9 million gap that is widening annually. On the attack side, shadow AI (employees using unauthorized AI tools) added $670,000 to average breach costs and created a new category of breach that IBM tracked for the first time. The organizations most at risk are those adopting AI aggressively while ignoring the governance structures that keep it secure.
| AI Security Metric | Value | Source |
|---|---|---|
| Avg breach cost — extensive AI/automation use | $3.62 million | IBM Cost of Data Breach, 2025 |
| Avg breach cost — no AI/automation | $5.52 million | IBM Cost of Data Breach, 2025 |
| Savings from extensive AI security use | $1.9 million per breach | IBM Cost of Data Breach, 2025 |
| Breach lifecycle reduction with AI tools | 80 days faster | IBM Cost of Data Breach, 2025 |
| Shadow AI cost premium (high use) | +$670,000 above average | IBM Cost of Data Breach, 2025 |
| Breaches involving shadow AI | 20% of all studied breaches | IBM Cost of Data Breach, 2025 |
| AI-related breaches lacking access controls | 97% | IBM Cost of Data Breach, 2025 |
| Organizations lacking AI governance policies | 63% | IBM Cost of Data Breach, 2025 |
| Breaches involving AI-driven attacks (attacker use) | 16% (phishing 37%, deepfakes 35%) | IBM Cost of Data Breach, 2025 |
Source: IBM Cost of a Data Breach Report 2025.
| Metric | Value | Source |
|---|---|---|
| Global avg data breach cost (2025) | $4.44 million (−9% from 2024) | IBM, 2025 |
| US avg data breach cost (2025) | $10.22 million (all-time high) | IBM, 2025 |
| Middle East avg breach cost | $7.29 million | IBM, 2025 |
| Benelux avg breach cost | $6.24 million | IBM, 2025 |
| Canada avg breach cost | $4.84 million | IBM, 2025 |
| UK avg breach cost | $4.14 million | IBM, 2025 |
| Brazil avg breach cost (lowest) | $1.22 million | IBM, 2025 |
| Healthcare industry avg breach cost | $7.42 million (15th year at top) | IBM, 2025 |
| Financial services avg breach cost | $5.56 million | IBM, 2025 |
| Public sector avg breach cost (lowest) | $2.86 million | IBM, 2025 |
| Global avg breach lifecycle | 241 days (9-year low) | IBM, 2025 |
| Days to identify (global avg) | 181 days | IBM, 2025 |
| Days to contain (global avg) | 60 days | IBM, 2025 |
| Healthcare avg breach lifecycle | 279 days | IBM, 2025 |
| Cost savings — tested IR plan | $2.66 million | IBM, 2025 |
| Cost savings — extensive AI use | $1.9 million | IBM, 2025 |
| Cost savings — zero trust architecture | $1.76 million | IBM, 2025 |
| Cost added — shadow AI (high use) | +$670,000 | IBM, 2025 |
| Customer PII compromised | 53% of all breaches | IBM, 2025 |
| Orgs with operational disruption post-breach | 86% | IBM, 2025 |
What is the average cost of a data breach in 2026?
The global average cost of a data breach is $4.44 million in 2025 — a 9% decline from $4.88 million in 2024 and the first decrease in five years, per IBM’s Cost of a Data Breach Report 2025. However, the US average hit an all-time high of $10.22 million, driven by higher regulatory fines and escalation costs. US organizations have led the world in breach costs for 15 consecutive years.
Which industry has the highest data breach costs?
Healthcare has had the highest average data breach cost of any industry for 15 consecutive years, reaching $7.42 million per breach in 2025 (IBM Cost of a Data Breach Report 2025). Financial services ranks second at $5.56 million, followed by the industrial sector at $5.00 million. The public sector has the lowest average at $2.86 million.
How long does it take to detect and contain a data breach?
The global average breach lifecycle dropped to 241 days in 2025 — comprising 181 days to identify and 60 days to contain — the shortest in nine years (IBM, 2025). Breaches contained within 200 days cost an average of $3.87 million, while those exceeding 200 days cost $5.01 million — a $1.14 million penalty for slow detection. Healthcare organizations took 279 days on average, contributing to their industry-leading costs.
What reduces the cost of a data breach the most?
According to IBM’s 2025 Cost of a Data Breach Report, the biggest cost reducers are: a tested incident response plan ($2.66 million saved), extensive use of AI and automation in security operations ($1.9 million saved), zero-trust architecture ($1.76 million saved), and law enforcement involvement ($990,000 saved). Organizations with all four controls in place can reduce costs well below the global average.
What is the most common type of data compromised in a breach?
Customer personally identifiable information (PII) is the most frequently compromised data type, involved in 53% of breaches according to IBM’s 2025 Cost of a Data Breach Report. Intellectual property is stolen less often but carries the highest cost per record at $178. Shadow AI breaches expose PII at an even higher rate of 65%, making AI governance a critical data protection issue.
All statistics in this article are traced to primary research sources. The IBM Cost of a Data Breach Report 2025 is the primary source for all cost, lifecycle, industry, and country data — it is the only study of its kind that quantifies breach costs across 600+ organizations using a consistent methodology over 20 years. Supporting data comes from Verizon and ITRC for breach frequency and attack vector data.
Last updated: May 2026. Update schedule: Updated annually when IBM releases its new Cost of a Data Breach Report (typically July–August). Interim updates made when major supporting sources publish new data.
Scope note: IBM’s Cost of a Data Breach Report measures costs experienced by organizations that suffered a breach — it is not a sample of all organizations. Costs include detection, escalation, notification, lost business, and post-breach response. It does not include regulatory fines as a separate line item but captures their effect in total cost figures.