Headline figure
The average breach cost $4.44M in 2025.
Down 9% from 2024's record $4.88M. The first significant decline in four years, attributed to AI-powered detection and faster response. The headline conceals regional divergence: US costs rose 9% to $10.22M.
Global average: $4.44M (down 9% from 2024)
US average: $10.22M (record high, +9% YoY)
Healthcare: $7.42M (#1 for 15 consecutive years)
Mean detection: 241 days (lowest in 9 years)
Section 02.1 / Year-over-year trend
Cost trend, 2019 - 2025
After reaching $4.88M in 2024, the global average declined 9% to $4.44M in 2025. The headline decline reverses four years of monotonic increase. Behind the global figure: US costs rose 9% to $10.22M, reflecting expanding state regulation and litigation costs.
Primary source: IBM Cost of a Data Breach Report 2019-2025 (Ponemon Institute, activity-based costing).
Section 02.2 / Cost per record by data type
What each record actually costs
Intellectual property carries the highest per-record cost at $178, reflecting long-term competitive damage and regulatory liability. Customer PII at $160 is driven by notification costs, credit monitoring obligations, and class-action exposure. Even anonymized data sits at $130 because re-identification risks have raised regulatory scrutiny.
Primary source: IBM Cost of a Data Breach Report 2025.
Section 02.3 / Detection & containment
The 200-day cost cliff
Mean time to identify and contain dropped to 241 days in 2025, the lowest figure in nine years of IBM research. The 200-day threshold is not arbitrary: breaches detected before that mark cost $3.87M on average; those exceeding it cost $5.01M, a $1.14M (24%) premium.
Mean detection: 241 days (lowest in 9 years)
Under 200 days: $3.87M (fast detection saves)
Over 200 days: $5.01M (24% more expensive)
Breaches detected within 200 days are typically contained before lateral movement, large-scale exfiltration, or persistent access take hold. After that mark, the probabilities of regulatory notification triggers, customer churn, and litigation all increase, compounding costs across every category. Credential-based attacks take longest to detect (292 days on average); breaches first identified by internal security tools are detected fastest.
Primary source: IBM Cost of a Data Breach Report 2025.
Section 02.4 / Cost by attack vector
Ransomware leads at $5.08M
Ransomware remains the most expensive attack vector, reflecting the combined costs of payment, extended downtime, forensic investigation, and recovery. Malicious-insider breaches are nearly as expensive due to detection difficulty and the access an insider already holds. Cloud misconfigurations cost less on average because cloud security posture management tools detect them faster.
Primary source: IBM Cost of a Data Breach Report 2025; Verizon DBIR 2025.
Section 02.5 / AI impact
$1.9M saved, $670K shadow penalty
The 2025 report shows a widening gap between organizations that have embraced AI-powered security and those that have not. Companies with extensive AI deployment saved $1.9M per breach on average, the largest single-technology cost difference IBM has ever measured. Shadow AI (unauthorized AI tools used by employees) added $670K to costs, a new 2025 risk category most organizations have not addressed.
AI / automation savings: -$1.9M (per breach, extensive deployment)
Shadow AI cost: +$0.67M (unauthorized AI tool risk)
Lifecycle reduction: 80 days (faster detection and containment)
The organizations benefiting most from AI security are those with mature implementations integrated into their security operations. Buying AI-branded tools without integration yields minimal benefit. Capabilities driving the savings: automated alert triage (reducing false-positive investigation by 90%+), AI-assisted incident investigation (correlating indicators across data sources in seconds), and predictive risk scoring that prioritizes the vulnerabilities most likely to be exploited.
The shadow AI risk is new for 2025. Employees adopt unauthorized AI tools (ChatGPT, Copilot, Gemini) for work tasks and input sensitive data into systems outside the security perimeter. IBM finds breaches involving shadow AI cost an additional $670K on average, driven by expanded attack surface, data leakage through model inputs, and the difficulty of detecting unauthorized tool usage.
Primary source: IBM Cost of a Data Breach Report 2025.
Section 02.6 / Methodology
How IBM measures these figures
The IBM Cost of a Data Breach Report is conducted annually by the Ponemon Institute using activity-based costing (ABC) methodology. The 2025 report analyzed 604 organizations that experienced real data breaches between March 2024 and February 2025, across 17 countries and 16 industries. This is not a survey of hypothetical costs; it measures actual expenditures.
Costs are categorized into four areas: detection and escalation (forensics, investigation, audit, crisis management), notification (contacting affected individuals and regulators), post-breach response (help desk, credit monitoring, legal, identity protection), and lost business (customer churn, revenue loss, reputation damage). Each cost is tracked over two years following the breach, recognising that litigation and customer churn extend well beyond the initial incident.
Several limitations apply. The sample skews toward larger organizations, so small-business costs may differ significantly. The study relies on estimates from organizational representatives, which may not capture all hidden costs (opportunity cost, executive distraction, long-term competitive damage). Mega-breaches (over 1 million records) are analysed separately, so the $4.44M average excludes the most extreme incidents.
Primary source: IBM Cost of a Data Breach Report 2025. Last verified: April 2026.
Index / Companion schedules
01 Calculator: Estimate exposure for your specific industry, size, region, and security posture.
03 By industry: Healthcare $7.42M, financial $5.56M, all 10 sectors compared with per-record cost.
08 By country: US ($10.22M) to Brazil ($1.36M), 14 IBM regions with multipliers.
06 Ransomware: $5.08M average. Payment economics, refusal rate, recovery costs.
10 Cost breakdown: Lost business 38%, detection 29%, the full anatomy.
05 Prevention ROI: 10 controls ranked by IBM-verified ROI multiple.
Schedule F / Reference Q&A