Form: Cost-of-Breach DisclosureSource: IBM 2025Filed: 28 Apr 2026
DataBreachCost.comOpen calc
Filing 8-K / Item 1.05Material Cybersecurity Incident

Headline figure / IBM 2025

A breach now costs $4.44M on average.

Independent register of breach-cost intelligence. IBM's 2025 figures, the Verizon DBIR, and Sophos ransomware data, presented as browsable, citable web pages instead of gated PDFs. Calculate your specific exposure below.

Global avg

$4.44M

-9% YoY

US avg

$10.22M

record high, +9%

Healthcare

$7.42M

#1 for 14 yrs

MTTD

241d

lowest in 9 yrs

AI savings

-$1.9M

extensive AI deploy

Shadow AI

+$0.67M

added breach cost

Source:IBM Cost of a Data Breach Report 2025, verified June 2026. 600 organizations, 16 countries and regions, 17 industries. Compiled by Oliver Wakefield-Smith.

Schedule A / Cost-of-Breach EstimatorReal-time / no submit

Section I / Filer Particulars

Breach inputs

Sector multiplier x1.67 vs $4.44M global average (HIPAA). IBM 2025, Figure 3.

Customer / employee records at risk. IBM avg PII record value: $160.

Multiplier vs $4.44M baseline. IBM's attacker-disclosed extortion breach average ($5.08M).


Section II / Security Controls (IBM 2025 cost-factor analysis)


Section IV / AI-Threat Exposure (IBM 2025)

The 2025 AI factors: shadow AI adds up to $0.67M, a security skills shortage up to $1.57M. Governance maturity scales how much shadow-AI exposure you carry.

No unsanctioned AI tools in use. IBM 2025, Figure 40 (shadow-AI breaches $4.63M vs $3.96M).

Policy exists, controls inconsistently enforced. Scales shadow-AI exposure; IBM 2025: 97% of AI-model breaches lacked proper access controls.

Adequately staffed security team. IBM 2025, Figure 42 (high shortage $5.22M vs low $3.65M).

Estimated total exposure

$45,037,030

Critical exposure

vs IBM 2025 avg

1014%

Per record

$900.74

Records

50,000

Region mult.

x2.30

Schedule B / IBM cost-category split

Where the money goes

Lost business$13.96M (31%)
Detection & escalation$14.86M (33%)
Post-breach response$12.16M (27%)
Notification$4.05M (9%)

IBM Cost of a Data Breach Report 2025, four-category methodology.

Schedule C / File this estimate

Export the filing

Turn this estimate into a shareable artifact. Save as PDF via your browser print dialog, or copy a plain-text filing to paste into a board pack, ticket, or email.

Section VI / Comparison band

At $45.04M, your estimated exposure is 10.14x the global IBM 2025 average and 4.41x the US average. The United States regional cost factor is x2.30 (State-by-state).

Reduce your exposure

Partner

Two levers move the numbers above: transferring residual risk, and shortening the detection-to-containment window. Compare cyber-insurance cover or incident-response retainers.

Independent register. Links above are neutral educational resources (CISA), not paid placements. This slot is labelled and disclosed; any future sponsored partner will be marked as such.

Schedule D / Results explained (plain text)

Your estimate, in words

Based on the IBM Cost of a Data Breach 2025 report, a breach of a 501 - 5,000 employees Healthcare organization in United States, exposing 50,000 records via Ransomware / Extortion, carries an estimated total exposure of $45,037,030. That is 1014% of the IBM 2025 global average breach cost of $4.44M (the US average is $10.22M), or 10.14x the global figure, and works out to $900.74 per record. The Healthcare sector averaged $7.42M in IBM 2025, and the United States regional cost factor is x2.30 relative to the global average. Detection assumption: Over 200 days ($5.01M basis). This estimate is classified as critical exposure.

AI-threat factors add an estimated $0 to this exposure. Shadow-AI usage is set to None / sanctioned only (IBM 2025 found shadow-AI breaches cost $4.63M versus $3.96M without, a $0.67M premium), AI-governance maturity to Partial (IBM 2025 found 97% of AI-model breaches occurred at organizations lacking proper AI access controls), and the security skills shortage to Low / none (IBM 2025 found a high shortage cost $5.22M versus $3.65M for low, a $1.57M premium).

Cost categoryEstimated amountShare
Lost business$13,961,47931%
Detection & escalation$14,862,22033%
Post-breach response$12,159,99827%
Notification$4,053,3339%
Estimated total exposure$45,037,030100%

IBM Cost of a Data Breach Report 2025. Cost-category split uses IBM's four-category methodology (detection 33%, lost business 31%, post-breach 27%, notification 9%). Verified June 2026.

Schedule C / Cost by industry sector

Average breach cost, all 17 sectors

Brick-red bars sit above the $4.44M global average; steel bars below it. Healthcare leads for the fourteenth consecutive year. Figures are the IBM 2025 averages, unmodified.

Global avg $4.44MHealthcare$7.42MFinancial Services$5.56MIndustrial$5.00MEnergy$4.83MTechnology$4.79MPharmaceuticals$4.61MServices$4.56MEntertainment$4.43MMedia$4.22MHospitality$4.03MTransportation$3.98MEducation$3.80MResearch$3.79MCommunications$3.75MConsumer$3.72MRetail$3.54MPublic Sector$2.86M

Primary source:IBM Cost of a Data Breach Report 2025, Figure 3 (industry averages). Verified June 2026.

Index / Companion SchedulesLast verified June 2026

New register / State notification statutes

Data breach notification laws by state: 51 statutes, no federal floor.

A multi-state breach can trigger up to 51 separate statutes, each with its own deadline, attorney general threshold, and penalty structure. One source-cited page per state: California, Texas, New York, Florida, and the rest of the 50 plus DC. Verified June 2026.

Open the 50-state register

Jurisdictions

51

Strictest

30d

Federal

None

Schedule 11 / Industry Drilldowns7 sectors with bespoke per-record economics
Schedule 12 / Notable Case Studies12 mega-breaches with sourced cost composition
Schedule 13 / Regulator Profiles5 regimes with penalty structure detail
Schedule 14 / Cost-Component Drilldowns5 line-item analyses with vendor pricing
Direct from Digital Signet

Building around your breach response?

Digital Signet builds custom software and AI automation for security teams. Incident tooling, evidence collection, notification workflows, audit prep.

Get in touch →