

Learn what data breaches actually cost and what you can do to lower that number.
• Where you operate matters more than the global headline number. US companies pay over double the worldwide average, hitting a new record in 2025
• Shadow AI added $670,000 to breach costs when employees used AI tools without security oversight. One in five breaches now involves unsanctioned AI use
• Companies using security AI and automation cut their breach lifecycle by 80 days and saved $1.9 million. The gap between AI-equipped and unequipped teams is widening
• Stolen credentials remain one of the most expensive attack vectors because they take the longest to detect. Monitoring for leaked employee passwords closes that detection gap
According to IBM’s 2025 Cost of a Data Breach Report, the global average dropped to $4.44 million. But if you’re a US company, you’re now paying $10.22 million on average, a record high.
Where you operate and how fast you detect the breach change the final number. So does whether you’re using AI in your security stack.
Below, we break down what drives data breach costs up and what brings them down. Plus what you can do right now to reduce your exposure.
The global average cost of a data breach dropped to $4.44 million in 2025, down from $4.88 million the prior year. IBM calculates this across hundreds of real breaches each year, covering everything from detection and investigation to notification and legal costs, plus lost business. That sounds like good news until you look at the regional breakdown.
US companies now pay $10.22 million per breach on average, a 9% increase and a new record. The Middle East remains the second most expensive region. The gap between the US and the rest of the world continues to widen.
Breaking the numbers down by data type shows the same skew. Intellectual property was the most expensive category at $178 per compromised record. Customer personally identifiable information (PII) was involved in 53% of all incidents, making it the most commonly exposed data type.
Here’s how the global average has trended over recent years:
The 2025 drop stands out, but it doesn’t mean breaches are getting cheaper everywhere. The decline is driven partly by improvements in AI-assisted detection and partly by regional variations. Companies in the US and the healthcare industry are still paying more than ever. Financial services costs are up as well.
IBM splits breach costs into four categories. Detection and escalation covers finding and investigating the breach. Notification covers telling affected parties. Post-breach response includes remediation and legal costs. Lost business captures customer churn and system downtime. Lost business and detection typically make up the largest portions.
The average time from compromise to containment hit 241 days, the shortest in nine years. Catching breaches sooner directly translates to lower costs.
Not all breaches cost the same. The attack vector and how long it takes to detect both change the final number.
Attack vectors with the highest costs:
Shadow AI is a new cost driver. This term started showing up in IBM’s 2025 report for the first time. If you haven’t heard it yet, you will.
Shadow AI is when employees use AI tools that haven’t been approved or secured by your IT team. They paste sensitive data into chatbots and code assistants that lack enterprise security controls. Your security team can’t monitor what they can’t see, and that creates exposure points you don’t know about.
Shadow AI added $670,000 to breach costs in 2025, and it caused about one in five breaches. Employees paste customer data or internal documents into AI tools without encryption or access controls, and that data ends up somewhere your security team can’t protect.
Stolen credentials still take the longest to contain. Breaches that start with compromised passwords have the longest detection-to-containment window. Attackers who log in with valid credentials look like legitimate users, which is why these breaches go undetected for months. The longer they have access, the more data they exfiltrate and the higher the final cost. Credentials typically leak through infostealer malware and third-party breaches. Phishing is another common source. The Verizon 2025 DBIR confirms that stolen credentials remain the top initial access method across all breach types.
Operational disruption hits hard. 86% of breached companies reported serious operational disruption. Lost business and system downtime make up the largest share of total breach expenses. After a breach, 45% of companies raise prices to offset the costs, passing the expense to customers.
Customer PII is the most targeted data type. Customer personally identifiable information appeared in 53% of breaches. When customer data gets exposed, you’re paying more in fines and notification. You lose customers on top of that. That’s why PII breaches end up costing more than other data types.
For a deeper look at what happens after a breach beyond the financial costs, see our breakdown of data breach consequences.
The same IBM report identifies the factors that cut breach costs the most. The biggest one by far is security AI and automation.
AI and automation save $1.9 million per breach. Companies with AI integrated into their security operations contain breaches 80 days faster than those without. That time difference is the primary reason for the cost savings. The faster you find and stop a breach, the less data gets exposed. The gap between AI-equipped and unequipped security teams has widened every year since IBM started tracking this metric.
Speed matters because every extra day an attacker has access drives costs higher. That’s why IBM tracks the breach lifecycle as a core metric.
Breach lifecycle is the total time from initial compromise to full containment. IBM measures it as the sum of two phases: mean time to identify (MTTI), from compromise to discovery, and mean time to contain (MTTC), from discovery to containment. In 2025, the average lifecycle dropped to 241 days, the shortest in nine years. Shorter lifecycles mean lower breach costs.
How the breach gets detected matters. When your internal team finds the breach, costs are much lower than when the attacker tells you about it. Internal detection means you caught it earlier and likely contained the damage. Attacker disclosure (common in ransomware) usually means they’ve already exfiltrated everything they wanted.
Third-party detection falls somewhere in between. A vendor or security researcher notifying you about a breach is better than learning about it from the attacker, but it still means your own tools missed it. Your best bet is detecting breaches with your own tools.
For practical steps on building a detection capability, see our guide on data breach detection.
Law enforcement involvement helps in ransomware cases. Companies that brought in law enforcement during ransomware incidents paid less overall. Law enforcement agencies often have decryption keys from prior investigations or can put pressure on attackers through takedowns and arrests.
The trend away from paying ransoms is also helping. 63% of ransomware victims now refuse to pay, up from 59% the prior year. Full recovery rates improved to 35%, up from just 12% the year before. Better backup strategies and tested response playbooks are making it easier to recover without paying.
Incident response planning pays off. Having a tested response plan in place before a breach happens is one of the most cost-effective investments you can make. Companies with mature IR processes pay less per breach. For a step-by-step framework, see our data breach response guide.
Healthcare remains the most expensive industry for data breaches, though the gap is narrowing.
Healthcare’s drop is worth noting. Better security investments and regulatory compliance efforts are starting to pay off, though the industry still pays nearly double the global average. Medical records are sensitive and HIPAA requirements are strict, both of which push costs higher. For a detailed breakdown of what healthcare breaches look like, see our analysis of data breach consequences in healthcare.
Financial services companies face a different cost profile. Regulatory fines from agencies like the SEC and OCC can add millions to the total. These companies also deal with direct financial theft during breaches, not just data exposure. The regulatory reporting requirements alone drive up legal and compliance costs.
Small business impact: The average cost figures are skewed toward large enterprises. But small businesses get hit harder relative to their size because they have less revenue to absorb the cost. A $1-2 million breach can threaten a small company’s survival.
The average cost of a data breach for small businesses is harder to pin down in aggregate, but the per-record costs are comparable. The difference is that small businesses often lack the insurance coverage and cash reserves to recover. Smaller security teams also mean longer detection times and higher per-incident costs relative to revenue.
The data points to a clear pattern: speed and preparation cut costs the most. Here’s where to focus.
Invest in AI-powered detection. The savings gap between companies with and without security AI is too large to ignore. AI-assisted tools catch anomalies faster than manual monitoring and shorten the time from compromise to containment. This doesn’t require replacing your entire security stack. Start by adding AI-powered analysis to your existing SIEM or endpoint detection tools.
Build and test your incident response plan. Having a plan isn’t enough. You need to run tabletop exercises and simulate real scenarios. Companies that test their IR plans regularly pay less when a real breach happens. At minimum, run a tabletop exercise quarterly and update your response playbooks after every real incident.
Monitor for leaked credentials. Stolen credentials are one of the most common initial access vectors and take the longest to detect. The window between when a password appears in a breach dump and when an attacker uses it is your opportunity to act. Credential monitoring closes that gap by alerting you when employee or customer passwords show up in stealer logs and third-party breaches. Automated password resets triggered by credential exposure can cut your response time from days to minutes.
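The check behind "alert when an employee password shows up in a breach dump" can be done without ever shipping the password, or even its full hash, to the monitoring service. The example below is added here for illustration; it is not Breachsense's code or IBM's, and it does not call any live service. It reproduces the k-anonymity range lookup that the Pwned Passwords API uses (the client sends only the first five hex characters of the password's SHA-1 and receives every matching `SUFFIX:COUNT` line for that prefix), against a constructed in-memory corpus that stands in for the real breach data. `LEAKED_CORPUS`, the account list and all counts are invented for the example.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-in for a breach / stealer-log corpus (hypothetical counts).
# A real monitoring service holds hashes harvested from dumps; plaintext appears
# here only so the example is self-contained and runs offline.
LEAKED_CORPUS: Dict[str, int] = {
    "P@ssw0rd": 12000,
    "Summer2024!": 37,
    "letmein": 9500,
}


def sha1_upper(password: str) -> str:
    """SHA-1 hex digest, upper-case: the form the Pwned Passwords range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: Dict[str, int]) -> Dict[str, str]:
    """Group the corpus by 5-hex-char SHA-1 prefix. Each bucket is serialised in
    the SUFFIX:COUNT line format the real range endpoint returns."""
    buckets: Dict[str, List[str]] = {}
    for pw, count in corpus.items():
        digest = sha1_upper(pw)
        buckets.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return {prefix: "\r\n".join(lines) for prefix, lines in buckets.items()}


RANGE_INDEX = build_range_index(LEAKED_CORPUS)


def fetch_range(prefix: str) -> str:
    """Local stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
    Only the 5-character prefix ever leaves the organisation (k-anonymity);
    the full hash, and of course the password, are never transmitted."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 upper-case hex characters")
    return RANGE_INDEX.get(prefix, "")


def parse_range(body: str) -> Dict[str, int]:
    """Parse SUFFIX:COUNT lines into a dict; tolerates CRLF and blank lines."""
    seen: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, count = line.split(":", 1)
        seen[suffix.upper()] = int(count)
    return seen


def exposure_count(password: str) -> int:
    """How many times this password appears in the corpus; 0 means not seen."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def triage_accounts(accounts: Dict[str, str]) -> List[Tuple[str, str, int]]:
    """Decide a response per account. Input is account -> candidate password as
    seen at password-change or login time; nothing is stored afterwards.
    Returns (account, action, count) sorted by exposure count, highest first."""
    results: List[Tuple[str, str, int]] = []
    for account, password in accounts.items():
        count = exposure_count(password)
        action = "force_reset_and_revoke_sessions" if count else "none"
        results.append((account, action, count))
    results.sort(key=lambda r: r[2], reverse=True)
    return results


if __name__ == "__main__":
    # Hypothetical accounts; only one uses a password absent from the corpus.
    sample = {
        "alice@example.com": "Summer2024!",
        "bob@example.com": "correct horse battery staple",
        "carol@example.com": "P@ssw0rd",
    }
    for account, action, count in triage_accounts(sample):
        print(f"{account:20s} {action:32s} seen {count} times")
```

The point to carry over to a real deployment is the split in `exposure_count`: the prefix is the only thing that crosses the network, so the lookup can run inside an authentication flow or a password-change hook without creating a second copy of the secret. The `force_reset_and_revoke_sessions` action is the automated response the paragraph refers to; revoking existing sessions matters because a reset alone leaves an attacker's already-issued tokens valid.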
Enforce multi-factor authentication everywhere. MFA won’t prevent credential theft, but it makes stolen passwords much harder to exploit. Even when an attacker has a valid username and password, MFA adds a barrier that buys your team time to detect and respond. Prefer phishing-resistant factors (FIDO2 security keys or passkeys) where you can: one-time codes and push approvals can still be relayed by a phishing proxy or worn down by repeated prompts, and an attacker with a stolen session token bypasses MFA entirely, so session revocation still belongs in your response playbook.
Control shadow AI. With one in five breaches now involving unsanctioned AI tools, you need to know what AI services your employees are using and what data they’re feeding into them. Create an approved list of AI tools with enterprise security controls and block unapproved services at the network level. Network blocking only covers traffic you can see, so pair it with an approved tool people actually want to use; otherwise the paste moves to a personal phone and out of your logs.
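What "know what AI services your employees are using" looks like in practice is a pass over outbound proxy logs: classify each destination as approved AI, unapproved AI or neither, then rate the unapproved hits by how much data left. The code below is an added example, not Breachsense's or IBM's; the log format, every hostname and the 4 KiB upload threshold are invented for the example, and the Squid ACL it emits is one way to implement the network-level block the paragraph recommends.

```python
import re
from dataclasses import dataclass
from typing import List

# Hypothetical policy. The approved host is an enterprise tenant with
# contractual data-handling controls; the others are consumer endpoints.
# All domain names here are invented for the example.
APPROVED_AI_HOSTS = {"assistant.corp-ai.example"}
KNOWN_AI_HOSTS = {
    "assistant.corp-ai.example",
    "chat.free-llm.example",
    "api.free-llm.example",
    "paste-to-ai.example",
}
UPLOAD_BYTES_THRESHOLD = 4096  # hypothetical: larger POST bodies are treated as bulk paste/upload

# Constructed proxy log lines: "ts user src method host path status bytes_out".
SAMPLE_LOG = """\
2025-09-01T09:12:04Z alice 10.0.1.15 POST assistant.corp-ai.example /v1/chat 200 18211
2025-09-01T09:13:10Z bob 10.0.1.22 GET chat.free-llm.example / 200 512
2025-09-01T09:13:41Z bob 10.0.1.22 POST chat.free-llm.example /backend/conversation 200 24680
2025-09-01T09:14:02Z carol 10.0.1.30 POST api.free-llm.example /v1/completions 200 1900
2025-09-01T09:15:33Z dave 10.0.1.41 GET www.example.org /docs 200 320
2025-09-01T09:16:00Z erin 10.0.1.50 POST paste-to-ai.example /upload 403 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<src>\S+) (?P<method>[A-Z]+) "
    r"(?P<host>\S+) (?P<path>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$"
)

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass
class Finding:
    ts: str
    user: str
    host: str
    severity: str
    reason: str


def classify_host(host: str) -> str:
    """approved_ai / unapproved_ai / other. Subdomains of a known AI host count."""
    host = host.lower()
    if host in APPROVED_AI_HOSTS:
        return "approved_ai"
    if host in KNOWN_AI_HOSTS or any(host.endswith("." + h) for h in KNOWN_AI_HOSTS):
        return "unapproved_ai"
    return "other"


def analyse(log_text: str) -> List[Finding]:
    """Flag traffic to unapproved AI services, highest severity first."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than crash the sweep
        host = m["host"].lower()
        if classify_host(host) != "unapproved_ai":
            continue
        status, nbytes, method = int(m["status"]), int(m["bytes"]), m["method"]
        if status >= 400:
            sev, why = "info", "request blocked by proxy policy"
        elif method == "POST" and nbytes >= UPLOAD_BYTES_THRESHOLD:
            sev, why = "high", f"{nbytes} bytes posted to unapproved AI service"
        elif method == "POST":
            sev, why = "medium", "data posted to unapproved AI service"
        else:
            sev, why = "low", "unapproved AI service visited"
        findings.append(Finding(m["ts"], m["user"], host, sev, why))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


def squid_acl() -> str:
    """Squid ACL denying the unapproved hosts (leading dot also matches subdomains)."""
    denied = sorted(KNOWN_AI_HOSTS - APPROVED_AI_HOSTS)
    return "acl unapproved_ai dstdomain " + " ".join("." + h for h in denied) + \
        "\nhttp_access deny unapproved_ai\n"


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.severity:6s}] {f.ts} {f.user:6s} {f.host:28s} {f.reason}")
    print(squid_acl())
```

Two design choices worth keeping: a 403 from the proxy is recorded as an informational finding rather than dropped, because it tells you the block is doing work and who keeps trying; and severity keys off request body size, since a GET to a chatbot landing page is a conversation to have, while a 24 KB POST is very likely a document that should not have left.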
The global average data breach cost dropped in 2025, but the real number depends on your industry and location. US companies pay more than double the global average. Healthcare and financial services pay the most.
The clearest way to reduce your exposure is catching breaches sooner. Companies using security AI respond faster and save millions. Monitoring for leaked credentials catches one of the most common and slowest-to-detect attack vectors before it turns into a full breach.
Breachsense monitors for compromised credentials and leaked data across dark web markets and ransomware leak sites, plus stealer logs. When your data shows up, you get alerted so you can act before attackers exploit it.
Start with a free dark web scan to see what’s already exposed.
The global average cost of a data breach is $4.44 million according to IBM’s 2025 report. However, this number varies dramatically by country. US companies pay more than double the global figure. The cost per compromised record averages $178 for intellectual property records.
The US has the highest average data breach cost at $10.22 million, up 9% year over year. Several factors drive this: higher regulatory penalties and more expensive legal proceedings. The concentration of high-value targets in financial services and technology plays a role. US companies also face more class-action lawsuits after breaches.
Healthcare has the highest data breach costs at $7.42 million per incident, though this dropped from $9.77 million the prior year. Financial services and technology follow. Healthcare’s higher costs come from the sensitivity of medical records and strict HIPAA regulations. Operational disruption to patient care systems adds to the total.
Faster detection directly lowers costs. The average breach lifecycle is 241 days from compromise to containment. Companies using security AI and automation contain breaches 80 days faster and save $1.9 million compared to those without. See our guide on data breach detection for practical steps.
Yes, but it cuts both ways. Companies using AI in their security operations save millions per breach and contain incidents weeks faster. On the other hand, shadow AI (employees using AI tools without security oversight) adds $670,000 to breach costs. One in five breaches now involves unsanctioned AI use.
Start with the highest-impact, lowest-cost measures: build and test an incident response plan and enforce multi-factor authentication. Monitor for leaked employee credentials. Small businesses can’t absorb a multi-million dollar breach the way large enterprises can, so prevention and fast detection matter even more. At a minimum, basic credential monitoring catches stolen passwords before attackers can use them.
