IBM Cost of a Data Breach Report 2025
The most comprehensive data breach cost dataset available. All figures from IBM's analysis of 604 organizations across 17 countries.
Global Average: $4.44M (down 9% from 2024)
US Average: $10.22M (record high, +9% YoY)
Healthcare: $7.42M (#1 for 15 consecutive years)
Detection Time: 241 days (lowest in 9 years)
After reaching an all-time high of $4.88M in 2024, global breach costs declined 9% to $4.44M in 2025 -- the first significant decrease in four years. Analysts attribute this decline to increased adoption of AI-powered security tools and faster detection capabilities. However, this global average masks regional divergence: US costs rose 9% to $10.22M, reflecting increasing regulatory complexity and litigation costs.
Source: IBM Cost of a Data Breach Report 2019-2025 (Ponemon Institute)
Not all data is valued equally in a breach. Intellectual property carries the highest per-record cost at $178, reflecting the long-term competitive damage and potential regulatory liability when proprietary information is exposed. Customer personally identifiable information (PII) costs $160 per record, driven by notification requirements, credit monitoring obligations, and class action exposure. Employee PII, while slightly less expensive at $156 per record, still represents significant liability due to employment law implications and internal trust damage. Even anonymized data carries a $130 per-record cost, as re-identification risks and regulatory scrutiny around anonymization techniques have increased.
Source: IBM Cost of a Data Breach Report 2025
The mean time to identify and contain a data breach dropped to 241 days in 2025, the lowest figure in nine years of IBM's research. This improvement correlates strongly with increased adoption of AI-powered security monitoring, which reduced the breach lifecycle by an average of 80 days. The cost implications of detection speed remain stark: organizations that identified and contained breaches within 200 days spent $3.87 million on average, while those exceeding 200 days faced costs of $5.01 million -- a 23% premium of $1.14 million for slower detection. This finding makes detection speed one of the most impactful variables in breach cost, after geographic region and industry sector.
Mean Detection Time: 241 days (lowest in 9 years)
Under 200 Days: $3.87M (fast detection saves money)
Over 200 Days: $5.01M (23% more expensive)
The 200-day threshold is not arbitrary. IBM's research consistently shows a cost inflection point around this mark. Breaches detected quickly tend to be contained before attackers achieve lateral movement, exfiltrate large data volumes, or establish persistent access. After 200 days, the probability of data exfiltration, regulatory notification triggers, and customer churn all increase significantly, compounding costs across every category. Credential-based attacks take the longest to detect (292 days on average), while breaches detected internally through security tools are identified fastest.
Ransomware remains the most expensive attack vector at $5.08 million per breach, reflecting the combined costs of ransom demands, extended downtime, forensic investigation, and recovery operations. Malicious insider attacks ($4.92M) are nearly as costly because they are difficult to detect and insiders possess extensive access. Business email compromise ($4.88M) continues its upward trend, driven by increasingly sophisticated social engineering that bypasses traditional security controls. Phishing ($4.76M) and credential theft ($4.67M) remain the most common attack vectors by volume. Cloud misconfiguration ($4.14M) carries the lowest average cost among tracked vectors, partly because these breaches tend to be detected faster through cloud security posture management tools.
Source: IBM Cost of a Data Breach Report 2025, Verizon DBIR 2025
The 2025 report reveals a growing divide between organizations that have embraced AI-powered security and those that have not. Companies with extensive AI and automation deployment saved $1.9 million per breach on average compared to those without -- the largest technology-driven cost difference IBM has ever measured. AI-powered security tools reduced the breach lifecycle by 80 days on average, translating directly into lower costs across all four IBM cost categories. The most significant AI benefits appear in detection and escalation, where automated threat detection, log analysis, and anomaly identification dramatically accelerate the initial response.
AI/Automation Savings: $1.9M (per breach on average)
Shadow AI Cost: +$0.67M (unauthorized AI tool risk)
Lifecycle Reduction: 80 days (faster detection & containment)
The shadow AI risk is new for 2025. As employees adopt unauthorized AI tools (ChatGPT, Copilot, Gemini) for work tasks, they often input sensitive data into systems outside the organization's security perimeter. IBM found that breaches involving shadow AI cost an additional $670,000 on average, driven by expanded attack surface, data leakage through AI model inputs, and the difficulty of detecting unauthorized tool usage. This finding creates a new category of risk that most organizations have not yet addressed in their security policies.
The organizations benefiting most from AI security are those with mature implementations integrated into their security operations centers (SOCs). Simply purchasing AI-branded tools without proper integration yields minimal benefit. The key capabilities driving savings include automated alert triage (reducing false positive investigation time by 90%+), AI-assisted incident investigation (correlating indicators across data sources in seconds rather than hours), and predictive risk scoring that prioritizes the vulnerabilities most likely to be exploited.
The IBM Cost of a Data Breach Report is conducted annually by the Ponemon Institute using activity-based costing (ABC) methodology. The 2025 report analyzed 604 organizations that experienced real data breaches between March 2024 and February 2025, across 17 countries and 16 industries. This is not a survey of hypothetical costs -- it measures actual expenditures incurred by organizations that suffered breaches, making it the most empirically grounded study of its kind.
The study categorizes costs into four areas: detection and escalation (forensics, investigation, audit, crisis management), notification (contacting affected individuals and regulators), post-breach response (help desk, credit monitoring, legal, identity protection), and lost business (customer churn, revenue loss during downtime, reputation damage, diminished goodwill). Each cost is tracked over two years following the breach, recognizing that many expenses -- particularly litigation and customer churn -- extend well beyond the initial incident.
The study has several limitations. The sample skews toward larger organizations (the average breach involved millions of records), meaning small business costs may differ significantly. The study also relies on estimates from organizational representatives, which may not capture all hidden costs such as opportunity cost, executive distraction, or long-term competitive damage. Finally, mega-breaches (over 1 million records) are analyzed separately from the main sample, so the $4.44M average excludes the most extreme incidents.
Source: IBM Cost of a Data Breach Report 2025. All figures verified: April 2026.