Cost of a Data Breach Report 2025: What Businesses Need to Know

Industries most affected by data breaches with cost differences.

The Cost of a Data Breach Report 2025, published by IBM and the Ponemon Institute, highlights how the financial and operational impact of breaches is shifting in an AI-driven world. For the first time in five years, the global average cost of a breach has fallen, showing that investments in detection and response are starting to pay off. But the picture isn’t all positive—U.S. costs hit an all-time high, shadow AI is fueling risks, and healthcare remains the costliest industry. The findings also reveal that while AI can lower costs and speed recovery, attackers are equally quick to exploit it for phishing, deepfakes, and large-scale campaigns. This report is a wake-up call: businesses that don’t pair innovation with governance will face higher risks and steeper costs in the years ahead.

TL;DR: Key Highlights of the 2025 Report

  • Global breach costs fell to $4.44M, the first decline in five years.
  • U.S. breach costs hit $10.22M, the highest on record.
  • Shadow AI breaches added $670K to costs on average.
  • AI in security saved $1.9M and cut recovery time by 80 days.
  • 16% of breaches involved attackers using AI, mostly for phishing and deepfakes.
  • Healthcare remained the most expensive industry, averaging $7.42M per breach.
  • Ransomware resistance grew, with 63% of organizations refusing to pay ransom.
  • Skills shortages raised costs, with impacted organizations averaging $5.22M per breach.

Global Costs Drop, But U.S. Numbers Soar

The 2025 report shows that the global average cost of a breach declined for the first time in five years, dropping to $4.44 million from $4.88 million in 2024. This decline reflects improvements in early detection and containment across many regions. However, not all parts of the world shared in this progress. While costs fell in regions such as Europe, Asia-Pacific, and Latin America, the United States moved in the opposite direction. U.S. breaches averaged $10.22 million, a record high and more than twice the global average. Much of this surge is tied to regulatory fines, escalating detection and legal expenses, and significant business disruption costs. This regional divide highlights that although global averages are improving, organizations in the U.S. remain under greater financial strain when responding to data breaches. For U.S. businesses, the financial risk of a breach is greater than ever.

Detection and Containment Times Improve

The time it takes to identify and contain a breach dropped to 241 days in 2025, the fastest in nearly a decade and a marked improvement from the 277-day average in 2024. This reduction means organizations are catching incidents sooner and restoring systems faster. The report also found that companies able to identify breaches internally saved almost $900,000 more compared to those where the attack was flagged by external sources such as regulators or third parties. Faster internal detection not only lowers financial losses but also reduces reputational damage and helps organizations maintain customer trust.

To strengthen internal detection further, businesses should invest in advanced monitoring tools such as Security Information and Event Management (SIEM) platforms, endpoint detection and response (EDR) systems, and AI-driven analytics. They should also enable continuous network monitoring, run regular threat-hunting exercises, and provide employee training on spotting suspicious activity. Finally, building a dedicated security operations center (SOC) or partnering with a managed detection and response (MDR) provider ensures incidents are identified quickly and acted on effectively.

This improvement highlights how investing in faster detection tools, strong incident response (IR) plans, and proactive monitoring can significantly cut costs.

The Growing Risk of Shadow AI

Shadow AI refers to the unsanctioned use of AI tools, models, or applications that bypass official approval and governance structures. In 2025, the report revealed that 20% of organizations experienced breaches tied to shadow AI, making it one of the fastest-growing risk categories. These breaches cost an average of $670,000 more than other types of incidents.

The problem is compounded by the fact that shadow AI often lacks authentication protocols, audit trails, and monitoring, meaning IT and security teams may not even be aware of its existence until after a breach occurs. In many cases, employees use third-party AI tools to speed up workflows without considering data security or compliance obligations.

This creates blind spots that attackers can exploit, especially when sensitive data is processed or stored in unsecured environments. The report warns that as AI adoption accelerates, organizations that fail to establish governance frameworks, implement usage policies, and run regular audits will face increasing exposure to shadow AI risks. This risk will only grow as AI tools become more common in workplaces.
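The audit the report calls for has to start with visibility: finding out which AI services employees are actually sending data to. The following is an added example, not code from the IBM report or from this article, showing one way to run such an audit over web-proxy logs. The log lines, the simplified log layout, the catalogue of AI service hosts (`AI_SERVICE_CATALOGUE`) and the sanctioned list (`SANCTIONED_AI_HOSTS`) are all constructed for the example; a real deployment would feed the catalogue from a SaaS inventory or CASB source and read logs from the proxy or SIEM.

```python
"""Shadow AI audit over web-proxy logs (added example, hypothetical data)."""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in a simplified proxy-log layout (not real data):
# <epoch> <user> <method> <url> <bytes_out> <status>
SAMPLE_PROXY_LOG = """\
1725000001 alice GET https://intranet.example/wiki/page 120 200
1725000002 bob POST https://approved-ai.example/v1/chat 40960 200
1725000003 carol POST https://free-llm-chat.example/api/complete 180224 200
1725000004 carol POST https://free-llm-chat.example/api/complete 262144 200
1725000005 dave POST https://summarize-my-docs.example/upload 1048576 200
1725000006 alice GET https://news.example/article 3040 200
1725000007 bob POST https://api.approved-ai.example/v1/chat 2048 200
1725000008 dave GET https://free-llm-chat.example/ 512 200
"""

# Hypothetical catalogue of hosts known to be AI assistant / LLM services.
AI_SERVICE_CATALOGUE = {
    "approved-ai.example",
    "free-llm-chat.example",
    "summarize-my-docs.example",
}

# Hypothetical sanctioned subset: approved by security, behind SSO, logged.
SANCTIONED_AI_HOSTS = {"approved-ai.example"}


@dataclass
class Finding:
    user: str
    host: str
    requests: int
    bytes_out: int
    large_uploads: int  # POST/PUT requests above the upload threshold


def _matching_catalogue_host(host: str, catalogue: set[str]) -> str | None:
    """Return the catalogue entry that host equals or is a subdomain of."""
    for entry in catalogue:
        if host == entry or host.endswith("." + entry):
            return entry
    return None


def parse_proxy_log(log_text: str):
    """Yield (user, method, host, bytes_out) tuples; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        _ts, user, method, url, bytes_out, _status = parts
        host = urlparse(url).hostname
        if host is None or not bytes_out.isdigit():
            continue
        yield user, method.upper(), host, int(bytes_out)


def audit_shadow_ai(log_text: str,
                    catalogue: set[str] = AI_SERVICE_CATALOGUE,
                    sanctioned: set[str] = SANCTIONED_AI_HOSTS,
                    upload_threshold: int = 100_000) -> list[Finding]:
    """Flag traffic to AI services that are not on the sanctioned list.

    Results are aggregated per (user, catalogue host) so an analyst sees who
    is using which unsanctioned tool and how much data left the network.
    """
    agg: dict[tuple[str, str], Finding] = {}
    for user, method, host, bytes_out in parse_proxy_log(log_text):
        entry = _matching_catalogue_host(host, catalogue)
        if entry is None or entry in sanctioned:
            continue  # not an AI service, or an approved one
        finding = agg.setdefault((user, entry), Finding(user, entry, 0, 0, 0))
        finding.requests += 1
        finding.bytes_out += bytes_out
        if method in ("POST", "PUT") and bytes_out > upload_threshold:
            finding.large_uploads += 1
    # Highest data egress first: the most likely exposure of sensitive data.
    return sorted(agg.values(), key=lambda f: f.bytes_out, reverse=True)


def users_with_shadow_ai(findings: list[Finding]) -> set[str]:
    """Distinct users who touched an unsanctioned AI service."""
    return {f.user for f in findings}


if __name__ == "__main__":
    for f in audit_shadow_ai(SAMPLE_PROXY_LOG):
        print(f"{f.user:8} {f.host:28} requests={f.requests} "
              f"bytes_out={f.bytes_out} large_uploads={f.large_uploads}")
```

On the constructed sample, bob's traffic to the sanctioned service (including its `api.` subdomain) is ignored, while carol and dave are reported with the unsanctioned hosts they used and the volume they uploaded. The large-upload counter is what turns a usage list into a risk list: a few hundred kilobytes posted to an unapproved assistant is the pattern behind the "sensitive data processed in unsecured environments" the report describes, and it is the event worth routing to a SIEM alert rather than a monthly report.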

AI as Both Shield and Weapon

AI is shaping both sides of the cybersecurity battle, creating one of the most significant themes of the 2025 report.

On the defensive side, organizations that invested heavily in AI-driven security saw real benefits:

  • Companies using AI extensively reported average breach costs of $3.62 million, compared to $5.52 million for those with no AI use.
  • AI tools cut the average breach lifecycle from 284 days to 204 days, allowing businesses to recover 80 days faster.
  • AI-driven monitoring and automation reduced detection costs, which remain one of the highest expense categories in breaches.
  • Overall, organizations saved nearly $1.9 million per breach when AI was a central part of their security operations.

AI helped defenders identify phishing attempts, detect anomalies in user behavior, and automate containment before attackers could escalate. These benefits explain why 32% of organizations now use AI extensively, up from 31% last year.

On the attacker side, AI has also become a powerful enabler:

  • 16% of breaches involved attacker use of AI—a figure expected to rise in the coming years.
  • Phishing remains the top use case (37%), where generative AI makes emails more personalized and convincing.
  • Deepfakes accounted for 35% of AI-enabled breaches, often used for impersonation of executives or trusted employees.
  • Attackers are using AI to automate reconnaissance, identify weak points in networks, and even bypass traditional defenses faster.

The dual role of AI highlights a growing paradox: the same technology that helps reduce costs for defenders is also lowering the barrier of entry for attackers. Businesses that adopt AI without governance or security checks risk giving adversaries the upper hand.

Weak Governance Makes Breaches Worse

The study revealed that 97% of organizations affected by AI-related breaches lacked proper access controls. Governance is also weak: only one-third of organizations regularly audit for shadow AI usage.

This lack of oversight creates a dangerous gap. Without strict governance, even companies investing in advanced tools may still be exposed to AI-enabled threats.

Common Breach Entry Points

While AI threats are growing, traditional attack methods remain the top entry points:

  • Phishing accounted for 16% of breaches, often leading to stolen credentials or malware infections.
  • Supply chain and vendor attacks followed closely, showing how interconnected business systems create opportunities for attackers.
  • Malicious insider attacks were the most expensive, costing an average of $4.92 million per breach. These are difficult to detect because they involve trusted employees or contractors.

Healthcare Stays the Costliest Sector

Healthcare has remained the most expensive industry for data breaches for 14 consecutive years, with the 2025 report placing the average breach cost at $7.42 million. While this reflects a decrease of about $2.35 million from 2024, the sector continues to face unique challenges. Healthcare organizations also experience the longest breach lifecycles, averaging 279 days to identify and contain an incident, more than a month longer than the global average of 241 days. This lag increases costs, damages patient trust, and puts critical operations at risk.

Patient records are highly sensitive, and breaches in this sector often trigger regulatory penalties, lawsuits, and lasting reputational harm. The report notes that lost business costs are especially high in healthcare due to patient trust erosion, and fines from compliance requirements such as HIPAA further drive up expenses. With attackers frequently targeting hospitals and health systems for ransomware, downtime can also directly impact patient care, making healthcare breaches among the most damaging both financially and operationally.

Ransomware and Recovery

Ransomware continues to be one of the most disruptive and costly forms of cyberattack in 2025. The report highlights that while the frequency of ransomware incidents has not declined, organizational responses are evolving. In 2025, 63% of organizations refused to pay ransom, up from 59% in 2024, showing a growing unwillingness to meet attacker demands. Average ransomware-related breaches cost organizations around $5.08 million, largely due to operational downtime, data restoration, and reputational harm.

Recovery times have improved slightly, with 35% of organizations reporting full recovery after breaches, compared to just 12% in 2024. However, most victims still take more than 100 days to fully recover, with costs mounting from lost productivity and customer churn, which shows that ransomware remains a high-cost, high-disruption threat. The report also notes that organizations involving law enforcement experienced faster recovery on average, though fewer companies chose to take that step this year.

Key steps to strengthen ransomware resilience include maintaining offline backups, using network segmentation to limit attacker movement, regularly testing recovery plans, and training employees to spot suspicious files and links. Companies that had robust incident response plans and pre-established playbooks reduced the financial and operational fallout considerably compared to those that improvised during an attack.

Factors Driving Costs Up or Down

Not every breach carries the same price tag. IBM’s Cost of a Data Breach Report 2025 highlights several factors that can either reduce or increase the financial impact of a cyberattack. Knowing these drivers helps businesses focus on where to invest for maximum protection.

Factors That Reduce Breach Costs

  • DevSecOps Integration
    Embedding security into the development lifecycle reduces vulnerabilities before products reach production. Companies practicing DevSecOps save millions by lowering risks of configuration errors and weak code.
  • Encryption and Data Protection
    Data protected by strong encryption is harder for attackers to exploit. Even if stolen, encrypted data is unusable, reducing regulatory fines and reputational damage.
  • AI and Automation in Security
    AI-enabled defenses detect anomalies, contain threats faster, and reduce manual effort. Organizations with extensive AI adoption cut costs by nearly $2 million compared to non-users.
  • Incident Response (IR) Planning
    Having a documented, tested incident response plan allows faster recovery. Businesses that train staff and run simulations saw breach costs drop by about 20%.

Factors That Increase Breach Costs

  • Shadow AI
    Unmonitored AI tools expose sensitive data and increase risks. These breaches added an average of $670,000 in 2025.
  • Complex Security Environments
    Companies juggling too many disconnected security tools struggle to coordinate response. This tool sprawl increases average costs above $5 million.
  • Supply Chain and Vendor Breaches
    Attacks on third-party providers ripple across multiple organizations, complicating detection and response. These breaches are among the longest to resolve and most expensive overall.
  • Cybersecurity Skills Shortages
    Lack of trained security professionals leads to delayed detection and slower response. Organizations with critical talent gaps paid an average of $5.22 million per breach, far above the global average.

Comparison Table: Factors vs. Impact on Breach Costs

Factor                         | Impact on Costs | Average Effect
-------------------------------|-----------------|----------------------------------------
DevSecOps Integration          | Reduces costs   | Savings up to 20%
Encryption & Data Protection   | Reduces costs   | Saves hundreds of thousands per breach
AI & Automation                | Reduces costs   | $1.9M savings; 80 days faster recovery
Incident Response Planning     | Reduces costs   | Costs lowered by ~20%
Shadow AI                      | Increases costs | +$670,000 per breach
Complex Security Systems       | Increases costs | Costs > $5M average
Supply Chain Breaches          | Increases costs | Among highest, slow to resolve
Cybersecurity Skills Shortages | Increases costs | $5.22M average per breach

Action Steps for Businesses

Based on the report, here’s what companies should prioritize:

  1. Secure digital identities—including employees, contractors, and AI agents—using advanced authentication such as passkeys and MFA.
  2. Protect AI-related data by classifying, encrypting, and governing access.
  3. Strengthen governance with clear policies on AI use and audits to detect shadow AI.
  4. Adopt AI-driven security tools to detect breaches earlier and respond faster.
  5. Build resilience with tested IR plans, employee training, and simulated breach exercises.

To Sum Up

The Cost of a Data Breach Report 2025 makes it clear that the stakes of cybersecurity are higher than ever. While the global cost of breaches has finally decreased, the sharp rise in U.S. expenses, the risks posed by shadow AI, and the mounting challenges in healthcare show that progress is uneven. AI is now both a shield and a weapon, offering organizations powerful tools to cut costs and speed recovery but also giving attackers new ways to scale and automate their campaigns.

The lesson is straightforward: businesses that combine innovation with governance, invest in skilled teams, and prepare for disruption will be the ones best positioned to withstand the next wave of attacks. Those who delay or ignore these measures risk higher costs, slower recovery, and long-term damage to trust.

Author

  • Maya Pillai is a technology writer with over 20 years of experience. She specializes in cybersecurity, focusing on ransomware, endpoint protection, and online threats, making complex issues easy to understand for businesses and individuals.
