Cost of a Data Breach Report 2025
The most widely-cited annual breach-cost benchmark. The 2025 edition puts the global average at USD 4.44m (down 9% from USD 4.88m — the first fall in five years) and the US average at an all-time high of USD 10.22m; it reports a 241-day mean time to identify and contain a breach (a nine-year low), which it links in part to AI-assisted security, and flags shadow AI as a USD 670k cost-adder, with 97% of organisations that had an AI-related incident lacking AI access controls.
- Published by
- IBM, with the Ponemon Institute
- Type
- Annual benchmark report
- Scope
- 16 countries/regions · 17 industries
- Jurisdiction
- Global
- Topic tags
- Breach cost · benchmarks · AI risk · security
Why it matters
These are the numbers privacy and security leaders cite to justify budget and board attention — and this year's AI-risk findings are directly useful for framing AI-governance business cases.
Listed as a widely-recognised, independently-produced industry benchmark — an exception to our general exclusion of vendor materials. We link to the source; we do not host or endorse it.