How does AI affect data breach cost?

IBM 2025 data shows significant AI impact on breach costs. Organisations with extensive AI security deployment saved an average of $1.9M per breach compared to those with no AI deployment. AI primarily reduces cost by compressing the detection and containment timeline. Breaches detected and contained in under 200 days cost approximately $1.14M less than those taking over 200 days ($3.87M vs $5.01M).

Incident Type: Data Breach · Updated June 2026

Data Breach Cost: What a Breach Actually Costs in 2026

Q: How much does a data breach cost in 2025?

According to IBM's Cost of a Data Breach Report 2025, the global average data breach cost is $4.44M, down 9% from $4.88M in 2024. The US average is $10.22M, up 9% and a record high. Healthcare remains the most expensive industry at $7.42M per breach.

Q: Why did global data breach costs fall in 2025?

IBM attributes the 9% global reduction primarily to AI-assisted detection and response. Organisations deploying AI security automation identified and contained breaches 80 days faster on average, saving approximately $1.9M per incident. The reduction is not uniform: US costs rose 9%, and Middle East costs rose 18%.

Q: What is the cost per record of a data breach?

IBM CODB 2025 reports per-record cost by data type rather than by industry. Intellectual property is highest at $178 per record, followed by employee PII at $168 and customer PII at $160, with anonymized data lowest at $115. IBM does not publish a per-industry per-record figure and cautions against extrapolating per-record costs to mega-breaches, where scale changes the economics.

Q: What is the difference between a data breach and a security incident?

A security incident is any event that threatens confidentiality, integrity, or availability. A data breach is a confirmed subset of security incidents where data has been disclosed to an unauthorised party. All breaches are incidents; not all incidents are breaches. Many security incidents (such as a blocked intrusion attempt or a resolved malware infection with no exfiltration confirmed) do not become breaches.

Q: How much does a healthcare data breach cost?

Healthcare data breaches cost an average of $7.42M per incident (IBM CODB 2025), making healthcare the most expensive industry for breach cost for the 14th consecutive year. Contributing factors include HIPAA notification requirements (strict timelines and individual notifications required), high per-record value of health data, patient safety implications, and the operational impact of taking systems offline during remediation.

$4.44M

Global average

$10.22M

US average

$7.42M

Healthcare avg

A data breach is a confirmed disclosure of sensitive, protected, or confidential data to an unauthorised party. Unlike a security incident (which may be contained without data exposure), a breach requires notification to affected individuals, regulators, and often legal counsel. For an in-depth reference, see databreachcost.com.

Cost Components (IBM 4-Activity Model)

Cost Activity	Avg Share	What It Includes
Detection and escalation	~33%	Security investigation, forensic analysis, crisis team communication, executive escalation (now the largest share)
Lost business	~31%	Customer churn, revenue during downtime, reputational damage, new business lost
Post-breach response	~27%	Helpdesk, inbound inquiries, remediation, legal counsel, regulatory response
Notification	~9%	Notifying regulators, affected individuals, legal counsel; credit monitoring setup

Source: IBM Cost of a Data Breach Report 2025

Cost by Geography

Country / Region	Avg Breach Cost	YoY Change
United States	$10.22M	+9%
Middle East	$7.29M	+18%
Benelux	$6.24M	+2%
Global Average	$4.44M	-9%
Germany	$4.03M	decline
United Kingdom	$4.14M (£3.29M)	decline
Brazil	$1.22M	decline

Source: IBM Cost of a Data Breach Report 2025

Cost by Industry

Rank	Industry	Avg Breach Cost
#1	Healthcare	$7.42M
#2	Financial	$5.56M
#3	Industrial	$5.00M
#4	Energy	$4.83M
#5	Technology	$4.79M
#6	Pharmaceuticals	$4.61M
#7	Education	$3.80M
#8	Retail	$3.54M
#9	Public Sector	$2.86M

Source: IBM Cost of a Data Breach Report 2025

Cost per Record by Data Type

IBM CODB 2025 reports per-record cost by the type of data compromised, not by industry or breach size. The most sensitive identifiable data carries the highest per-record cost. IBM does not publish a per-industry per-record figure and cautions against extrapolating per-record costs to mega-breaches.

Data Type	Per-Record Cost (IBM 2025)	Notes
Intellectual property	$178	Highest per-record cost
Employee PII	$168	Internal personal data
Customer PII	$160	Most commonly exposed identifiable data
Other corporate data	$154	Non-personal business records
Anonymized data	$115	Lowest per-record cost

What Raises and Lowers Breach Cost

Cost Multipliers

+Compliance failures at time of breach (+$0.73M avg)

+Security skills shortage (+$0.55M avg)

+System complexity (cloud, hybrid) (+$0.47M avg)

+Third-party involvement (+$0.43M avg)

+Migration to cloud during breach (+$0.39M avg)

+No IR team or plan (+$0.39M avg)

Cost Reducers

-AI and automation (-$1.9M avg with extensive use)

-IR team in place (-$0.54M avg)

-DevSecOps approach (-$0.42M avg)

-Employee training (-$0.38M avg)

-Incident response plan tested (-$0.35M avg)

-Encryption used (-$0.30M avg)

Source: IBM Cost of a Data Breach Report 2025

Go Deeper on Data Breach Cost

This page is a summary. For the full reference including regional breakdown tables, industry trend charts, detection timeline analysis, and breach reduction strategies, visit the dedicated site.

databreachcost.com - Full Data Breach Cost Reference

Frequently Asked Questions

How much does a data breach cost in 2025?

The global average is $4.44M per IBM CODB 2025, down 9% from $4.88M in 2024. The US average is $10.22M, a record high. Healthcare breaches average $7.42M.

Why did global breach costs drop in 2025?

IBM attributes the 9% global drop to AI-assisted detection. Organisations deploying AI security automation identified and contained breaches 80 days faster, saving approximately $1.9M per incident on average.

What is the cost per record of a data breach?

IBM CODB 2025 reports per-record cost by data type: intellectual property is highest at $178, then employee PII ($168), customer PII ($160), other corporate data ($154), and anonymized data lowest at $115. IBM does not publish a per-industry per-record figure and cautions against extrapolating per-record costs to mega-breaches.

How much does a healthcare data breach cost?

$7.42M on average (IBM 2025), making healthcare the most expensive industry for breach cost for the 14th consecutive year. HIPAA notification requirements and the high per-record value of health data are primary drivers.

What is the difference between a data breach and a security incident?

A breach is a confirmed disclosure of data to an unauthorised party. A security incident is the broader category. All breaches are incidents, but most incidents are not breaches. An attempted intrusion that was blocked, or malware removed before any exfiltration, is an incident but not a breach.

How does AI affect breach cost?

IBM 2025 data shows organisations with extensive AI security deployment save an average of $1.9M per breach compared to those with no AI. AI reduces cost by compressing the breach detection and containment timeline.