How much does the average IT incident cost in 2025?

According to PagerDuty research, the average P1 IT incident costs $794,000, with most organisations experiencing approximately 25 P1 incidents per year, totalling roughly $19.85M annually. However, costs vary dramatically: ransomware recovery averages $1.53M excluding ransom (Sophos 2025), a data breach averages $4.44M globally (IBM CODB 2025), and an insider threat incident costs an average of $779,000 per credential theft event (Ponemon 2025).

Updated June 2026 · Next review October 2026

The 2026 Incident Cost Index: Every Type of Business Incident Priced

Q: Why did global data breach costs drop in 2025?

IBM's Cost of a Data Breach Report 2025 reported a global average of $4.44M, down 9% from $4.88M in 2024. IBM attributes this primarily to improved AI-assisted detection reducing breach lifecycle: organisations using AI security tools identified and contained breaches 80 days faster, saving an average of $1.9M. The US average, however, increased 6% to $10.22M, suggesting regional divergence rather than universal improvement.

Published data on incident costs is fragmented across six or more annual reports from different research organisations, each covering a different incident type. This index aggregates those figures into a single, citation-grade reference table.

Every row cites its primary source. Methodology notes explain what each figure includes and excludes. For interactive scenario modeling, use incidentcostcalculator.com.

The Master Index Table

Incident Type	Avg Cost Per Incident	Annual Org Impact	YoY	Source	Notes
Data breach (global avg)	$4.44M	Varies	-9%	IBM CODB 2025	See /types/data-breach
Data breach (US avg)	$10.22M	Varies	+9%	IBM CODB 2025	Record high for US
Data breach (Healthcare)	$7.42M	Varies	-24%	IBM CODB 2025	Still highest industry
Data breach (Finance)	$5.56M	Varies	-9%	IBM CODB 2025	Heavily regulated
Ransomware (recovery, excl. ransom)	$1.53M	Varies	-44%	Sophos 2025	See /types/ransomware
Ransomware - ransom paid (median)	$325K	n/a	n/a	Coveware Q4 2025	Avg payment $591,988
Insider threat (credential theft)	$779K	$17.4M total org	+15%	Ponemon 2025	Per-incident figure
Insider threat (malicious)	$715K	Included above	+2%	Ponemon 2025	25% of insider incidents
Insider threat (negligence)	$677K	$8.8M total org	+1%	Ponemon 2025	55% of insider incidents
P1 IT incident (avg)	$794K	$19.85M (25 P1s/yr)	n/a	PagerDuty 2024	25 P1 incidents/yr average
Service outage (mid-market+)	$14K/min	Varies	n/a	Various	See outagecost.com
Service outage (large enterprise)	$23,750/min	Varies	n/a	Various	$1.425M/hr
Manufacturing downtime avg	$260K/hr	Varies	n/a	Various	OT/ICS environments
Automotive downtime	$3M/hr	Varies	n/a	ABB 2025	Assembly line stoppage
Supply chain attack	$4.76M	Varies	n/a	IBM CODB 2025	Longest detection time
DDoS attack	$120K-$2M	Varies	n/a	Various	See /types/ddos
Compliance violation (HIPAA Tier 4)	$73K-$2.19M	n/a	n/a	HHS 2025	Per violation
Compliance violation (GDPR max)	4% global revenue	n/a	n/a	GDPR Art. 83	See gdprfine.com
Compliance violation (PCI DSS)	$5K-$100K/month	+ card brand fines	n/a	PCI SSC	Plus mandatory forensics

Sources: IBM Cost of a Data Breach Report 2025, Ponemon Cost of Insider Risks 2025, PagerDuty State of Digital Operations 2024, Sophos State of Ransomware 2025, Resilience Cyber Risk Report 2025, Coveware Q4 2025 Ransomware Report, ABB 2025 Manufacturing Report. Updated June 2026.

Methodology: What Each Figure Includes and Excludes

The term "average cost" means different things across primary sources. Understanding the methodology is essential for correct interpretation.

IBM Cost of a Data Breach Report (CODB)

IBM uses a 4-activity cost model: detection and escalation, notification, post-breach response, and lost business. Lost business includes customer churn, reputational impact, and revenue lost during breach. Notably, IBM CODB excludes ransom payments from breach cost figures, as the report focuses specifically on breach costs. The 2025 figure of $4.44M is based on 600 organisations across 17 industries and 16 countries.

Ponemon Cost of Insider Risks

Ponemon surveys report an annual organisational total cost ($17.4M average) that includes monitoring tools, investigation, escalation, incident response, and containment costs. The per-incident figures ($779K credential theft, $715K malicious, $677K negligent) are derived by dividing total costs by incident frequency data.

PagerDuty State of Digital Operations

PagerDuty's $794K per P1 incident figure includes revenue loss during downtime, productivity cost of personnel responding, customer impact, SLA penalties, and post-incident review costs. The 25 P1 incidents per year average is based on survey data from DevOps and SRE practitioners across mid-market and enterprise organisations.

Sophos / Coveware / Resilience (Ransomware)

No single source captures the full end-to-end cost of a ransomware event, so each measures a different slice. Sophos's State of Ransomware 2025 reports an average recovery cost of $1.53M excluding any ransom (down from $2.73M in 2024). Coveware's Q4 2025 marketplace data put the ransom payment at a $325,000 median ($591,988 average). Resilience's claims-based study reports a $1.18M average insured ransomware loss, up 17% year-over-year. The ransom is paid on top of recovery, not instead of it.

Year-over-Year Trends

Key trend signals from 2020-2025 primary source data.

Data Breach Global Average (IBM)

2019$3.92M

2020$3.86M

2021$4.24M

2022$4.35M

2023$4.45M

2024$4.88M

2025$4.44M

US Data Breach Average (IBM)

2019$8.19M

2020$8.64M

2021$9.05M

2022$9.44M

2023$9.48M

2024$9.65M

2025$10.22M

AI Savings on Breach Lifecycle (IBM 2025)

Mean time to identify + contain241 days

Lifecycle peak (pre-2021)287 days

AI users cut breach time by80 days

Avg cost saved with AI$1.9M

Ransom Payment Trend (Coveware)

Avg paid Q4 2024$553,959

Avg paid Q4 2025$591,988

Median Q4 2025$325,000

Pay rate Q4 2025~20%

How to Use This Index

Budgeting

Use the per-incident figures as a starting point for risk budget conversations. Multiply by the estimated probability of each incident type for your industry to derive an expected annual loss.

Board Presentations

The consolidated index table is formatted for board-level presentations. Cite the source column alongside the figure to establish credibility with non-technical audiences.

Insurance Applications

Cyber insurers ask for incident history and risk profile. Use the industry and size breakdown pages to benchmark your organisation's expected cost profile versus the index average.

Risk Assessments

Use the index as an input to FAIR (Factor Analysis of Information Risk) or ALE (Annualised Loss Expectancy) models. Each row provides a Loss Magnitude estimate for the corresponding threat scenario.

Frequently Asked Questions

What is the Incident Cost Index?

The Incident Cost Index is a consolidated reference table aggregating the average per-incident cost across all major business incident types. It is the only resource that presents this cross-category comparison in a single table, drawn from IBM, Ponemon, PagerDuty, Resilience, and other primary sources.

How often is the index updated?

The index is updated twice per year, in April and October. Data sources (IBM CODB, Ponemon, Verizon DBIR, etc.) publish annually, typically in Q3-Q4 of each year. The April 2026 edition incorporates all 2025 primary source reports published to date.

Why did global data breach costs drop in 2025?

IBM's 2025 report attributes the 9% global drop to improved AI-assisted detection. Organisations using AI security automation identified and contained breaches 80 days faster, saving approximately $1.9M per incident. The US average rose 6% to $10.22M, suggesting the improvement is unevenly distributed geographically.

Are these figures averages or medians?

Most figures are means (averages), not medians. This matters because a small number of very large incidents significantly skew the average upward. Median costs are typically 30-50% lower than mean costs. IBM and Ponemon both report means. When using these figures for budgeting, consider whether your organisation's risk profile is closer to the average or to a lower-cost scenario.

Primary Source Citations

IBM Cost of a Data Breach Report 2025. IBM Security, 2025. Annual global study covering 600 organisations across 17 industries and 16 countries. The primary source for data breach cost figures globally and by industry.

Ponemon Institute Cost of Insider Risks Global Report 2025. Ponemon Institute, sponsored by DTEX Systems, 2025. Annual survey of 1,000+ IT and security practitioners covering insider threat cost by type, industry, and containment time.

Verizon Data Breach Investigations Report 2025. Verizon Business, 2025. Annual breach statistics covering threat actors, attack vectors, and industry breakdown based on real incident data.

PagerDuty State of Digital Operations 2024. PagerDuty, 2024. Survey-based study of DevOps and SRE practitioners on incident frequency, cost, and business impact. Source for the $794K per P1 incident figure.

Sophos State of Ransomware 2025. Sophos, June 2025. Survey of 3,400 organisations hit by ransomware. Source for the $1.53M average recovery cost (excluding ransom) and the $1M median ransom payment.

Resilience Cyber Risk Report 2025. Resilience, 2025. Annual analysis of cyber insurance claims data. Source for the $1.18M average insured ransomware loss and the 17% year-over-year increase.

Coveware Q4 2025 Ransomware Marketplace Report. Coveware, February 2026. Quarterly analysis of ransomware payment trends and recovery costs based on incident response case data; Q4 2025 average payment $591,988, median $325,000, payment rate ~20%.

Mandiant M-Trends 2025. Mandiant (Google), 2025. Annual threat intelligence report including breach dwell time benchmarks and attack lifecycle data.

Explore by incident type:Data Breach Ransomware Insider Threat Service Outage Supply Chain Compliance