Massive data breaches incur an unprecedented financial toll of $4.9 million, asserts IBM report
Global Data Breach Costs Slightly Decline in 2025, But U.S. Costs Continue to Escalate
According to a recent report by Ponemon Institute, analyzed by IBM Security, the average global cost of a data breach in 2025 is $4.44 million, marking a 9% decrease from $4.88 million in 2024. This is the first reduction in five years and is primarily attributed to faster detection and containment of breaches aided by AI and automation.
However, since 2020, the average global cost has increased overall, with IBM’s report indicating a 15.3% rise from 2020 to 2025. In contrast, the cost in the United States has risen sharply, reaching an all-time high of $10.22 million in 2025, a 9% increase from the previous year.
Key points about this trend include:
- The global average breach lifecycle (time to identify and contain) has dropped to 241 days in 2025, the shortest in nine years, which helps reduce costs globally.
- AI plays a dual role: it helps defenders detect breaches faster, lowering costs, but attackers also use AI to enhance phishing and social engineering, increasing breach risks and costs in some regions.
- Despite the global cost decline, U.S. costs have risen, widening the gap between U.S. and global averages.
- Industry impacts vary, with healthcare breaches remaining the costliest globally, averaging over $7 million, though this is below prior years’ figures in some reports.
Data breaches that took more than 200 days to identify and contain had the highest average cost at nearly $5.5 million. The report included details on more than 600 organizations across 16 countries and regions impacted by data breaches between March 2023 and February 2024.
Weak or no credentials were the top initial access vector in cloud environment attacks during the first six months of 2024, accounting for 47% of such attacks. Attack identification and containment time for breaches attributed to stolen or compromised credentials reached an average combined time of 292 days.
A spree of attacks in April targeted more than 100 Snowflake customer environments, and massive data breaches occurred at AT&T, Advance Auto Parts, and Pure Storage due to these attacks. Compromised credentials are the top initial attack vector and root cause of data breaches this year, accounting for 16% of the breaches studied.
U.S. organizations have the highest average data breach cost of almost $9.4 million. The report also included interviews with more than 3,500 security and business leaders. The global average cost of a data breach is nearly $4.9 million this year.
Corporate stakeholders want to better understand the risk calculus of their technology stacks, answering the question: Are we a target? As data breaches continue to pose a significant threat, understanding the cost implications and taking proactive measures to protect sensitive information is crucial for businesses worldwide.
- The report by Ponemon Institute, analyzed by IBM Security, reveals a decline in the global average cost of a data breach in 2025, attributing the decrease to faster incident response enabled by AI and automation, despite an overall increase in costs since 2020.
- The report highlights that AI affects both sides of the cybersecurity landscape: it has enhanced attacker techniques such as phishing and social engineering, while also helping defenders detect and contain breaches more quickly.
- Despite the global cost reduction, the report underscores a striking rise in the cost of data breaches in the United States, reaching an all-time high of $10.22 million in 2025, widening the gap between U.S. and global averages.