Global data breach costs averaged $4.44 million in 2025, a 9% decline from $4.88M in 2024 — the first global drop in five years — while US breach costs rose 9% to a record $10.22M. The IBM/Ponemon study of 600 organizations found that healthcare remains the costliest industry at $7.42M per breach, AI-enabled security teams save $1.9M on average, and the breach lifecycle hit a nine-year low of 241 days. [src1]
Data vintage: Based on breaches occurring March 2024 through February 2025, published July 2025.
Key shift: Global costs declined 9% YoY driven by increased AI/automation adoption, but US costs diverged upward due to escalating regulatory fines and detection costs.
Definition: Total cost incurred by an organization from a data breach, including detection/escalation, notification, post-breach response, and lost business costs.

| Industry | Average Cost | YoY Change | Breach Lifecycle (Days) |
|---|---|---|---|
| Healthcare | $7.42M | -24% | 279 |
| Financial Services | $5.56M | Stable | ~250 |
| Industrial/Manufacturing | $5.00M | +8% | ~245 |
| Energy | $4.83M | +2% | ~248 |
| Technology | $4.79M | -3% | ~230 |
| Retail | $3.54M | +12% | ~235 |
| Public Sector | $3.18M | +15% | ~260 |
| Global Average | $4.44M | -9% | 241 |

Trend: Healthcare costs dropped sharply (-24%) but remain the highest for the 14th consecutive year. Retail and the public sector bucked the global downtrend.
Red flag threshold: A breach cost exceeding 2x the industry average suggests systemic security gaps.
Definition: Average total breach cost segmented by the initial method of compromise.

| Attack Vector | Average Cost | % of Breaches | Key Characteristic |
|---|---|---|---|
| Ransomware | $5.08M | ~14% | 63% refused to pay |
| Business Email Compromise | $5.01M | ~8% | Highest cost per incident |
| Phishing | $4.65M | ~16% | Second-most common |
| Malicious Insider | $4.61M | ~7% | Hardest to detect early |
| Stolen Credentials | $4.43M | ~22% | Most common vector |
| Vulnerability Exploitation | $4.38M | ~20% | VPN exploits up 8x YoY |

Trend: Credential abuse remains the most common vector at 22%. VPN-targeted exploitation grew nearly 8x YoY.
Red flag threshold: Organizations without MFA on external-facing systems face 3x higher credential breach risk.
Definition: Total time from initial compromise to full containment (MTTI + MTTC) and its impact on cost.

| Response Speed | Average Cost | Lifecycle (Days) | Savings vs Slow |
|---|---|---|---|
| Under 200 days | $3.87M | <200 | $1.14M savings |
| Over 200 days | $5.01M | >200 | Baseline |
| With Extensive AI | $3.62M | ~161 | $1.9M savings |
| Without AI | $5.52M | ~241+ | — |

Trend: The breach lifecycle hit a nine-year low of 241 days. Teams with extensive AI/automation cut this by 80 days.
Red flag threshold: An identification time exceeding 200 days adds $1.14M+ in costs.
Definition: Average total breach cost segmented by organization headcount.

| Organization Size | Average Cost | Cost Per Employee |
|---|---|---|
| Under 500 employees | $3.31M | ~$6,620 |
| 500 – 1,000 | $3.52M | ~$4,700 |
| 1,000 – 5,000 | $4.10M | ~$1,640 |
| 5,000 – 10,000 | $4.44M | ~$590 |
| 10,000 – 25,000 | $4.92M | ~$280 |
| 25,000+ | $5.50M+ | ~$110 |

Trend: SMEs face disproportionately high per-employee costs ($6,620 vs $110 for large enterprises).
Red flag threshold: SMEs with breach costs exceeding $3.5M should evaluate incident response capabilities.

| Rule | Formula / Threshold | Interpretation |
|---|---|---|
| AI Security ROI | $3.62M (with AI) vs $5.52M (without) = $1.9M savings | ~34% cost reduction with extensive AI/automation |
| Response Speed Premium | <200 day lifecycle saves $1.14M | Every day of delayed detection adds ~$5,700 |
| Ransomware Refusal Rate | 63% refuse to pay (up from 59%) | Budget for recovery, not ransom payment |
| Healthcare Premium | $7.42M / $4.44M = 1.67x global average | Healthcare should budget 67% above global average |
| Credential Risk Factor | 22% of breaches via stolen credentials | Without MFA, credential breach is primary risk |

| Segment | Definition | Typical Characteristics |
|---|---|---|
| Healthcare | Hospitals, health systems, payers, pharma | PHI/HIPAA regulated, longest lifecycles, legacy systems |
| Financial Services | Banks, insurance, investment firms | PCI/SOX regulated, high-value targets, mature security |
| Industrial/Manufacturing | Manufacturers, supply chain, logistics | OT/IT convergence, IP theft, rising ransomware |
| Technology | Software, hardware, cloud, SaaS | Large attack surfaces, valuable IP, faster detection |
| Energy | Utilities, oil/gas, renewables | Critical infrastructure, nation-state threats |
| Retail | E-commerce, brick-and-mortar, hospitality | Payment card data, seasonal attack spikes |
| SME (Cross-Industry) | Organizations with <500 employees | Limited budgets, disproportionate per-employee costs |

| Metric | 2023 | 2024 | 2025 | Direction |
|---|---|---|---|---|
| Global Avg Breach Cost | $4.45M | $4.88M | $4.44M | ↓ 9% |
| US Avg Breach Cost | $9.48M | $9.36M | $10.22M | ↑ 9% |
| Healthcare Breach Cost | $10.93M | $9.77M | $7.42M | ↓ 24% |
| Breach Lifecycle (Days) | 277 | 258 | 241 | ↓ 7% |
| Ransomware Avg Cost | $4.54M | $4.62M | $5.08M | ↑ 10% |
| Credential Breach Share | 15% | 16% | 22% | ↑ 38% |

Fetch when a user needs to estimate breach costs for budgeting or insurance, justify security investments to leadership, benchmark incident response capabilities against industry peers, or evaluate the ROI of AI-enabled security tools.