Incident Type: Data Breach · Updated April 2026
Data Breach Cost: What a Breach Actually Costs in 2026
$4.44M
Global average
$10.22M
US average
$7.42M
Healthcare avg
A data breach is a confirmed disclosure of sensitive, protected, or confidential data to an unauthorised party. Unlike a security incident (which may be contained without data exposure), a breach requires notification to affected individuals, regulators, and often legal counsel. For an in-depth reference, see databreachcost.com.
Cost Components (IBM 4-Activity Model)
| Cost Activity | Avg Share | What It Includes |
|---|---|---|
| Detection and escalation | ~29% | Security investigation, forensic analysis, crisis team communication, executive escalation |
| Notification | ~6% | Notifying regulators, affected individuals, legal counsel; credit monitoring setup |
| Post-breach response | ~19% | Helpdesk, inbound inquiries, remediation, legal counsel, regulatory response |
| Lost business | ~46% | Customer churn, revenue during downtime, reputational damage, new business lost |
Source: IBM Cost of a Data Breach Report 2025
Cost by Geography
| Country / Region | Avg Breach Cost | YoY Change |
|---|---|---|
| United States | $10.22M | +6% |
| Middle East | $7.29M | +18% |
| Canada | $6.32M | +4% |
| Benelux | $6.24M | +2% |
| Germany | $5.39M | +3% |
| Japan | $4.82M | +1% |
| United Kingdom | $4.80M | -1% |
| Global Average | $4.44M | -9% |
| India | $2.35M | +7% |
| Brazil | $1.36M | +3% |
Source: IBM Cost of a Data Breach Report 2025
Cost by Industry
| Rank | Industry | Avg Breach Cost |
|---|---|---|
| #1 | Healthcare | $7.42M |
| #2 | Finance | $6.08M |
| #3 | Technology | $5.47M |
| #4 | Energy | $5.29M |
| #5 | Industrial | $4.73M |
| #6 | Services | $4.71M |
| #7 | Retail | $3.48M |
| #8 | Public Sector | $2.70M |
| #9 | Education | $2.47M |
Source: IBM Cost of a Data Breach Report 2025
Cost per Record Exposed
IBM calculates a per-record cost across the 4-activity model. The global average is $164-$178 per compromised record in 2025.
| Breach Size | Per-Record Cost | Total Cost Estimate | Notes |
|---|---|---|---|
| Under 10,000 records | $178 | $1.78M+ | Small breach, high per-record overhead |
| 10K-100K records | $164 | $1.6M-$16.4M | Most common size range |
| 1M-10M records (mega-breach) | $43 | $43M-$430M | Economies of scale on notification |
| 50M+ records | $24 | $1.2B+ | Notification cost dominates |
| Healthcare records (any size) | ~$400 | Varies | HIPAA notification premium |
What Raises and Lowers Breach Cost
Cost Multipliers
+Compliance failures at time of breach (+$0.73M avg)
+Security skills shortage (+$0.55M avg)
+System complexity (cloud, hybrid) (+$0.47M avg)
+Third-party involvement (+$0.43M avg)
+Migration to cloud during breach (+$0.39M avg)
+No IR team or plan (+$0.39M avg)
Cost Reducers
-AI and automation (-$2.22M avg with extensive use)
-IR team in place (-$0.54M avg)
-DevSecOps approach (-$0.42M avg)
-Employee training (-$0.38M avg)
-Incident response plan tested (-$0.35M avg)
-Encryption used (-$0.30M avg)
Source: IBM Cost of a Data Breach Report 2025
Go Deeper on Data Breach Cost
This page is a summary. For the full reference including regional breakdown tables, industry trend charts, detection timeline analysis, and breach reduction strategies, visit the dedicated site.
databreachcost.com - Full Data Breach Cost ReferenceFrequently Asked Questions
How much does a data breach cost in 2025?
The global average is $4.44M per IBM CODB 2025, down 9% from $4.88M in 2024. The US average is $10.22M, a record high. Healthcare breaches average $7.42M.
Why did global breach costs drop in 2025?
IBM attributes the 9% global drop to AI-assisted detection. Organisations deploying AI security automation identified and contained breaches 80 days faster, saving approximately $1.9M per incident on average.
What is the cost per record of a data breach?
$164-$178 per compromised record globally. Healthcare records cost approximately $400 each. Mega-breaches (1M+ records) benefit from scale, reducing the per-record cost to $24-$43, though total costs are far higher.
How much does a healthcare data breach cost?
$7.42M on average (IBM 2025), making healthcare the most expensive industry for breach cost for the 15th consecutive year. HIPAA notification requirements and the high per-record value of health data are primary drivers.
What is the difference between a data breach and a security incident?
A breach is a confirmed disclosure of data to an unauthorised party. A security incident is the broader category. All breaches are incidents, but most incidents are not breaches. An attempted intrusion that was blocked, or malware removed before any exfiltration, is an incident but not a breach.
How does AI affect breach cost?
IBM 2025 data shows organisations with extensive AI security deployment save an average of $2.22M per breach compared to those with no AI. AI reduces cost by compressing the breach detection and containment timeline.