Cost of a Data Breach Report: 2025 key findings

Get the facts from IBM’s 20th annual report.

31st July 2025NewsAJ Thompson

Are you ready to get in touch?

Request a Call back

Discover the true cost of a data breach in 2025

IBM’s Cost of a Data Breach Report 2025 provides essential insights from 600 organisations affected by data breaches between March 2024 and February 2025. This research helps security leaders understand the financial impact of breaches and implement more effective protection strategies.

Download the full report

The global average cost of a data breach in 2025 is $4.44 million Share on X

IBM Cost of Data Breach header image 2025

Key findings from the 2025 report

For the first time in five years, the global average cost of a data breach has declined. This improvement is largely due to faster containment, driven by advances in AI-powered defences.

Critical statistics you need to know:

The global average cost of a data breach is $4.44 million

63% of organisations lack governance policies to manage AI or prevent shadow AI risks

97% of AI-related breaches occurred where proper access controls were missing

Breaches involving shadow AI cost organisations with high usage an extra $670,000 on average

1 in 6 breaches involved AI-driven attacks, typically used to scale phishing and social engineering campaigns

 In contrast, organisations with extensive AI and automation saved an average of $1.9 million per breach

Malicious insiders remain the most expensive threat, with breaches averaging $4.92 million

The healthcare sector saw the highest average breach cost for the 15th year running, at $7.42 million

Phishing was the most common attack vector, involved in 16% of breaches

The average time to identify and contain a breach dropped to 241 days — the fastest response in nine years

63% of ransomware victims refused to pay, up from 59% in 2024

IT for banking and finance in London

Industry breakdown

Some industries continue to see significantly higher breach costs than others: (Average breach cost in $ millions)

  • Healthcare: $7.42

  • Financial: $5.56

  • Industrial: $5.00

  • Energy: $4.83

  • Technology: $4.79

  • Pharmaceuticals: $4.61

  • Services: $4.56

  • Entertainment: $4.43

  • Media: $4.22

  • Hospitality: $4.03

Notably, the public sector recorded the largest percentage increase in breach costs — up 10.8%, or $310,000 per breach.

sanctions checker solutions

Data Breach Costs by Geography (Average in $ millions)

The United States leads with the highest average breach cost for the 15th consecutive year at $10.22 million. Share on X

When comparing by region, significant differences emerge:

  • United States: $10.22

  • Middle East: $7.29

  • Benelux: $6.24

  • Canada: $4.84

  • United Kingdom: $4.14

  • While ASEAN and the US experienced sharp cost increases, countries such as Italy, Germany, and South Korea saw modest declines.

Download the United Kingdom report.

UK average cost of a data breach is £3.29 M in 2025. Share on X

 

AI impact: the double-edged sword

AI presents both opportunities and risks for cybersecurity. Security teams using AI and automation extensively save $1.9 million on average per breach.

However, AI-driven attacks are rising:

      • 16% of breaches involved attackers using AI, often in phishing and deepfake attacks
      • Unsanctioned or shadow AI costs $4.63 million, $190,000 above the global average
      • Organisations with high levels of shadow AI face $670,000 higher breach costs
      • Breaches with shadow AI take 10 more days to identify and contain

The research shows 63% of organisations have no governance policies for AI, creating significant security gaps.

Time to detect and contain breaches continues to improve

Encouragingly, organisations are identifying and containing breaches faster than before.
This acceleration reflects growing investment in AI-powered tools and incident response planning.

Breach timeline improvements:

  • Mean time to identify: 181 days (down from 194 in 2024)

  • Mean time to contain: 60 days (down from 64 in 2024)

  • Total breach lifecycle: 241 days (down from 258 in 2024)

Furthermore, organisations with extensive use of AI and automation shortened the breach lifecycle by an average of 68 days.

Top recommendations to lower breach costs

IBM’s 2025 report outlines five key actions that significantly reduce breach costs and improve response times:

  1. Use AI and automation to accelerate detection and enhance response precision

  2. Plan and test your incident response processes regularly to build organisational resilience

  3. Secure your data for AI use through discovery, classification, and appropriate protection

  4. Strengthen identity controls with phishing-resistant authentication for humans and machines

  5. Align AI security and governance through collaboration between IT, compliance, and business units

Organisations investing in these areas show significantly lower breach costs and faster containment times.

What next?

Don’t wait for a costly breach. Act now to safeguard your data and reputation.

Access the full report

Contact us today for a comprehensive security assessment

Register for the webinar titled Cost of a Data Breach Report 2025: The AI oversight gap – top insights, AI impact, and risk reduction best practices.

Financial data breaches 2025 industry analysis

Cost Of Data Breach, Data Breaches, Data Security
AJ Thompson All Author's Posts
Interested in lowering breach costs with AI?

Request a demo or contact sales on: 0207 448 8500

Get in touch

Our Awards & Accreditations

See all Awards