{"id":14661,"date":"2025-08-22T07:32:30","date_gmt":"2025-08-22T07:32:30","guid":{"rendered":"https:\/\/newestek.com\/?p=14661"},"modified":"2025-08-22T07:32:30","modified_gmt":"2025-08-22T07:32:30","slug":"what-is-the-cost-of-a-data-breach","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14661","title":{"rendered":"What is the cost of a data breach?"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<p>For modern businesses, regardless of industry or size, the financial impact of a data breach is substantial. <a href=\"https:\/\/www.ibm.com\/reports\/data-breach\">IBM\u2019s latest Cost of a Data Breach report<\/a> discovered that, from March 2024 to February 2025, the average cost of a <a href=\"https:\/\/www.csoonline.com\/article\/574289\/twitters-mushrooming-data-breach-crisis-could-prove-costly.html\">data breach<\/a> globally fell 9% to $4.44 million, the first decline in five years.<\/p>\n<p>Faster identification and containment of breaches \u2014 much of it from organizations\u2019 own security and service teams, with help from AI and automation \u2014 drove this decline, according to IBM.<\/p>\n<p>The 2025 report, conducted by Ponemon Institute and sponsored by IBM, is based on an analysis of data breaches experienced by 600 organizations globally.<\/p>\n<p>The average time to identify and contain a breach (including restoring services) dropped to 241 days, a 17-day reduction from the 2024 report.<\/p>\n<p>Healthcare breaches remained the most expensive across all studied industries \u2014 averaging $7.42 million \u2014 despite the sector achieving a $2.35 million reduction in costs compared to 2024.<\/p>\n<p>Phishing attacks (16%) were the most commonly reported 
root causes of data breaches. Supply chain compromise surged to become the second most prevalent attack vector (15%), overtaking compromised credentials.<\/p>\n<p><a href=\"https:\/\/nexasure.ai\/eric-oneill\">Eric O\u2019Neill<\/a>, former FBI counterintelligence operative and now national security strategist at NeXasure.ai, tells CSO that it was difficult to make any better than an educated guess about breach costs \u2014 so IBM\u2019s report is best viewed as a useful indicator of industry trends.<\/p>\n<p>\u201cThe variables \u2014 breach scope, litigation, remediation, operational disruption, reputational damage, and regulatory penalties \u2014 are too numerous and unpredictable for precise calculation,\u201d O\u2019Neill says. \u201cIBM\u2019s figures are valuable for identifying trends, but they are still approximations rather than exact measurements.\u201d<\/p>\n<p>Several experts quizzed by CSO named the cybersecurity skills gap, supply chain vulnerabilities, and the escalating threat landscape as the three main factors in making breaches more expensive and harder to manage.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Regional costs<\/h2>\n<p>Despite the global decrease, <a href=\"https:\/\/www.prnewswire.co.uk\/news-releases\/ibm-report-13-of-organizations-reported-breaches-of-ai-models-or-applications-97-of-which-reported-lacking-proper-ai-access-controls-302516677.html\">US enterprises bucked the overall trend<\/a>, with estimated costs rising to $10.22 million in 2025, a 9% increase over 2024\u2019s estimate.<\/p>\n<p>This rise was driven in part by steeper regulatory penalties and rising detection costs, according to the IBM-sponsored study.<\/p>\n<p>The Middle East, represented in the report by Saudi Arabia and the United Arab Emirates, was No. 
2 of the 16 countries and regions surveyed, at $7.29 million.<\/p>\n<p>Canada ($4.84 million) and the UK ($4.14 million) remain in the top 10 hardest hit, with ASEAN (Association of Southeast Asian Nations; $3.67 million), <a href=\"https:\/\/www.csoonline.com\/article\/1309403\/australian-government-back-on-top-5-sectors-with-most-reported-data-breaches.html\">Australia<\/a> ($2.55 million), and India ($2.51 million) among the top 15.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Breaches by industry<\/h2>\n<p>Healthcare remains the industry hit with the highest costs per breach by far, at $7.42 million despite a drop from $9.77 million last year.<\/p>\n<p>Attackers continue to value and target the industry\u2019s patient personally identifiable information (PII), which can be used for identity theft, insurance fraud, and other financial crimes. Healthcare breaches took the longest to identify and contain at 279 days \u2014 more than five weeks longer than the global average.<\/p>\n<p><strong>Average breach cost by industry<\/strong><\/p>\n<figure class=\"wp-block-table\">\n<div class=\"overflow-table-wrapper\">\n<table class=\"has-fixed-layout\">\n<tbody>\n<tr>\n<td><strong>Industry<\/strong><\/td>\n<td><strong>2025<\/strong><\/td>\n<td><strong>2024<\/strong><\/td>\n<td><strong>Change<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Healthcare<\/td>\n<td>$7.42M<\/td>\n<td>$9.77M<\/td>\n<td>-24%<\/td>\n<\/tr>\n<tr>\n<td>Financial<\/td>\n<td>$5.56M<\/td>\n<td>$6.08M<\/td>\n<td>-8.6%<\/td>\n<\/tr>\n<tr>\n<td>Industrial<\/td>\n<td>$5.00M<\/td>\n<td>$5.56M<\/td>\n<td>-10%<\/td>\n<\/tr>\n<tr>\n<td>Energy<\/td>\n<td>$4.83M<\/td>\n<td>$5.29M<\/td>\n<td>-8.7%<\/td>\n<\/tr>\n<tr>\n<td>Technology<\/td>\n<td>$4.79M<\/td>\n<td>$5.45M<\/td>\n<td>-12%<\/td>\n<\/tr>\n<tr>\n<td>Pharmaceuticals<\/td>\n<td>$4.61M<\/td>\n<td>$5.10M<\/td>\n<td>-9.7%<\/td>\n<\/tr>\n<tr>\n<td>Professional 
services<\/td>\n<td>$4.56M<\/td>\n<td>$5.08M<\/td>\n<td>-10%<\/td>\n<\/tr>\n<tr>\n<td>Entertainment<\/td>\n<td>$4.43M<\/td>\n<td>$4.09M<\/td>\n<td>+8.3%<\/td>\n<\/tr>\n<tr>\n<td>Media<\/td>\n<td>$4.22M<\/td>\n<td>$3.94M<\/td>\n<td>+7.1%<\/td>\n<\/tr>\n<tr>\n<td>Hospitality<\/td>\n<td>$4.03M<\/td>\n<td>$3.82M<\/td>\n<td>+5.5%<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/figure>\n<h2 class=\"wp-block-heading\" id=\"reputational-damage-still-a-big-cost-of-being-breached\">Reputational damage still a big cost of being breached<\/h2>\n<p>In many ways immeasurable, <a href=\"https:\/\/www.csoonline.com\/article\/571857\/the-emotional-stages-of-a-data-breach-how-to-deal-with-panic-anger-and-guilt.html\">reputational damage<\/a> remains among the most significant costs in the wake of a breach. \u201cUltimately, customer trust is very easy to break, and very difficult to build,\u201d <a href=\"https:\/\/www.forrester.com\/analyst-bio\/allie-mellen\/BIO16084\">Allie Mellen<\/a>, senior analyst at Forrester, tells CSO.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/businessvalue\/\">Bob Dutile<\/a>, chief commercial officer at UST, agrees: \u201cThe cost of a data breach is typically realized in relative competitive change in the marketplace. Companies find that their brand does not command the same price premium, customer conversion costs are higher, and market share is lost. For a public company, the near-term assessment of the cost impact is reflected in stock price movement.\u201d<\/p>\n<p>According to Dutile, research shows that between $8 million and $10 million is a good planning number in the US for a midsize business facing a modest breach of under 250,000 records. About a third of that cost will be loss of business due to reputation damage.<\/p>\n<p>How a company responds to and communicates a breach can have a large bearing on that reputational impact, Forrester\u2019s Mellen notes. 
\u201cUnderstanding how to maintain trust with your consumers and customers is really critical here,\u201d she adds. \u201cThere are ways to do this, especially around building transparency and using empathy, which can make a huge difference in how your customers perceive you after a breach. If you try to sweep it under the rug or hide it, then that will truly affect their trust in you far more than the breach alone.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Severe business downtime can cost millions<\/h2>\n<p>Business downtime can be a significant cost for a breached organization, depending on the level and extent of the downtime and how technology-dependent the firm is.<\/p>\n<p>Nearly all the organizations studied suffered operational disruption, taking an average of 100 days to recover from a security incident.<\/p>\n<p><a href=\"https:\/\/heretoserve.org\/team\/jason-hicks\/\">Jason Hicks<\/a>, field CISO at Coalfire, tells CSO: \u201cOften a breach is not going to take a company completely offline, but it can happen. The more critical systems that are taken down, the more significant the cost.\u201d<\/p>\n<p>Manufacturing tends to have the best metrics around this, as it\u2019s relatively simple to measure the cost per minute if an assembly line is down, Hicks says. \u201cThis can translate into millions of dollars a day for a large manufacturing company. 
This can be more nebulous for other industry verticals, but there are models to get a reasonable feel that can be applied to each vertical.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Regulation and litigation add to data breach costs<\/h2>\n<p>Increasingly strict <a href=\"https:\/\/www.csoonline.com\/article\/573561\/instagram-faces-402-million-fine-for-alleged-mishandling-of-childrens-data.html\">data protection and privacy laws<\/a> along with litigation are seeing a growing number of companies issued large fines, paying hefty settlements, and stumping up for legal fees following data breaches and non-compliance.<\/p>\n<p>The IBM-sponsored report found that a third of organizations paid a regulatory fine because of breaches. US organizations paid the highest fines, a factor that drove up overall breach costs.<\/p>\n<p>\u201cRegulated industries suffer not only the immediate cost of responding to, containing, and remediating vulnerabilities but also the long-term effects of additional penalties from their regulatory bodies and legal settlements,\u201d Nick says. Highly regulated industries, such as healthcare and financial services, typically run one and two in order of cost per breach because they will pay more non-compliance fines than others, he adds.<\/p>\n<p>\u201cInvestigation and adjudication often take years for the victim organization to reach a monetary settlement with affected parties.\u201d <a href=\"https:\/\/www.csoonline.com\/article\/574681\/paypal-sued-for-negligence-in-data-breach-that-affected-35000-users.html\">Legal costs<\/a> are one of the largest expenditures organizations face in data breaches, Nick states. \u201cOrganizations rarely have the legal and privacy expertise in-house. 
To ensure compliance, they must hire outside counsel to lead their reporting.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>The role of cyber insurance<\/h2>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/571703\/cyber-insurance-explained.html\">Cyber insurance<\/a> is one way companies mitigate the cost risks of breaches. Sharp increases in cyber insurance premiums <a href=\"https:\/\/www.csoonline.com\/article\/3537205\/cyber-insurance-price-hikes-stabilize-as-insurers-expect-more-from-cisos.html\">have been stabilizing of late<\/a>, but even organizations covered by insurance can expect to dole out extra cash to make good after a breach. One definite cost hit will be a hike in their premiums, Guidehouse\u2019s Nick says.<\/p>\n<p>\u201cSome organizations have reported post-breach increases in premiums of approximately 200%,\u201d he adds.<\/p>\n<p>Insurers are also implementing more coverage limitations, meaning that even with a policy in place, businesses could find themselves financially responsible for certain breach-related costs.<\/p>\n<p>In fact, Forrester\u2019s Mellen says any notion that policies will allow organizations to fully recover financially from a cyberattack is folly. \u201cIn reality, it\u2019s not going to cover all of the costs associated with any type of cyberattack, and we see some insurance firms not even covering ransomware at this point as part of their payouts,\u201d she adds.<\/p>\n<p>Another factor to consider is that cyber insurance providers typically have a list of approved service providers such as lawyers and forensics firms, Hicks says.<\/p>\n<p>\u201cIf your preferred provider is not on their list, you may have to work with them to get them included, or potentially have to change providers. 
This can be costly, as firms are often leveraging their existing service providers to secure the maximum discounts based on the volume of work done with the partners,\u201d Hicks says.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Victims balk at ransomware payments<\/h2>\n<p>Last year more organizations refused to pay ransoms (63%) compared to the year prior (59%). However, the average cost of a ransomware incident was still estimated at $5.08 million.<\/p>\n<p>Fewer ransomware victims reported these criminal attacks to law enforcement \u2014 40% of organizations this year versus 53% last year.<\/p>\n<p><strong>[Related: \u201c<\/strong><a href=\"https:\/\/www.csoonline.com\/article\/3488842\/to-pay-or-not-to-pay-cisos-weigh-in-on-the-ransomware-dilemma.html\">To pay or not to pay: CISOs weigh in on the ransomware dilemma<\/a><strong>\u201c]<\/strong><\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Insufficient security staffing leads to higher breach costs<\/h2>\n<p>The cybersecurity skills shortage has challenged the industry for years. This year\u2019s report found 48% of organizations had a high level of security skills shortage, down from 53% last year.<\/p>\n<p>According to IBM\u2019s latest report, the security skills shortage is one of the biggest data breach cost amplifiers, with the average additional cost of data breach due to cyber skills shortage pegged at $1.57 million.<\/p>\n<p>If insufficient security staff equates to greater data breach costs, organizations should heed Mellen\u2019s warning about the impact a poorly handled data breach can have on employees.<\/p>\n<p>\u201cIf they don\u2019t feel like the organization is able to protect them or customers in the event of a breach, or that they blame their employees for a breach, then they\u2019re likely going to start looking for jobs elsewhere because it creates a bit of a hostile environment for them,\u201d she says. 
\u201cIt is very important for organizations to recognize that they need to accept responsibility and protect both their employees and their customers.\u201d<\/p>\n<p>Taking a DevSecOps approach to software development was the No. 1 factor that reduced breach costs, according to the report, ahead of use of AI and machine-learning insights. Running a <a href=\"https:\/\/www.csoonline.com\/article\/524286\/what-is-siem-security-information-and-event-management-explained.html\">security information and event management (SIEM)<\/a> platform for detecting and responding to threats rounded out the top three factors.<\/p>\n<p>One in five organizations (20%) said they suffered a breach due to security incidents involving <a href=\"https:\/\/www.csoonline.com\/article\/3964282\/cisos-no-closer-to-containing-shadow-ais-skyrocketing-data-risks.html\">shadow or unsanctioned use of AI tools<\/a>. Shadow AI is starting to rival supply chain breaches and security system complexity as a leading factor in exacerbating breach costs, according to the report.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Security AI and automation<\/h2>\n<p>In the face of staff and skills shortages, CISOs are increasingly turning to AI and automation to close the gap.<\/p>\n<p>According to IBM\u2019s latest report, the average cost saving per breach for organizations using security AI and automation tools was $2.22 million, up from $1.76 million in 2023.<\/p>\n<p>UK organizations using AI and automation across their security operations saw data breach costs drop to \u00a33.11 million per year, much lower than the \u00a33.78 million average cost for those not using these technologies. 
Less than one-third of UK organizations were making extensive use of AI technologies in their security operations, up slightly from last year\u2019s figures.<\/p>\n<p>In the UK, organizations reporting extensive use of security AI and automation achieved a mean time to identify (MTTI) and contain (MTTC) data breaches of 148 and 42 days, respectively \u2014 cutting breach response by 42 days compared to those not using these technologies (168 and 64 days).<\/p>\n<p>AI can sift through massive volumes of data in real time, flag suspicious behaviour, and even take immediate containment actions \u2014 often before a human analyst can react.<\/p>\n<p>\u201cThis is the difference between responding in hours versus days, which results in lower costs,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/craig-watt-2b5555207\/?originalSubdomain=uk\">Craig Watt<\/a>, threat intel analyst at Quorum Cyber. \u201cBut AI still doesn\u2019t eliminate the breach.\u201d<\/p>\n<p>Watt adds: \u201cAutomation may buy time, but it\u2019s not yet curbing the broader financial fallout.\u201d<\/p>\n<p><a href=\"https:\/\/cybersecuritysummit.com\/speaker\/seker-ensar\/\">Ensar Seker<\/a>, CISO at threat intelligence platform vendor SOCRadar, agrees that security AI and automation can be effective in reducing breach response times, largely by enabling faster detection, containment, and remediation without waiting for manual intervention.<\/p>\n<p>\u201cOrganizations that have integrated AI-driven threat detection with automated response workflows can cut incident lifecycles dramatically, which directly impacts breach costs by limiting the window of damage,\u201d Seker says.<\/p>\n<p>However, these benefits are uneven, Seker warns. 
\u201cCompanies without mature processes or the right data pipelines often don\u2019t realize the full gains AI promises.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"ai-related-security-breaches\">AI-related security breaches<\/h2>\n<p>Security incidents involving an organization\u2019s AI infrastructure remain limited \u2014 for now. On average, 13% of organizations reported breaches that involved their AI models or applications. But among those that experienced an AI-related security incident, almost all (97%) lacked proper AI access controls.<\/p>\n<p>The most common of these security incidents occurred in the AI supply chain, through compromised apps, APIs, or plug-ins. These incidents sometimes had a cascading effect: leading onto broader data compromise (in 60% of cases) and operational disruption (31%).<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Preparedness is key to managing data breach costs<\/h2>\n<p>There was a significant reduction in the number of global organizations that said they plan to invest in security following a breach (49% in 2025 compared to 63% in 2024). Less than half of those that plan to invest post-breach will focus on AI-driven security solutions or services.<\/p>\n<p>No matter the specific costs involved, experts agree that preparedness is key to mitigating the financial repercussions of a breach.<\/p>\n<p>\u201cFaster incident response continues to be a clear driver for lowering the cost of a breach,\u201d UST\u2019s Dutile says. \u201cThe worst losses are those that go undetected for an extended time or have a slow or ineffective response.\u201d<\/p>\n<p>Modern cybersecurity requires a post-breach mindset which understands that, eventually, a successful data breach is going to occur, Forrester\u2019s Mellen adds.<\/p>\n<p>\u201cOperating under those conditions, you need to figure out how you\u2019re going to handle that and build your resiliency to respond better and faster. 
This isn\u2019t just about the security function either, and it needs to be spread across an organization, considering what marketing is going to do, what sales is going to do, etc. \u2014 how, as a business, you can demonstrate you value your customers and that you want to make it right as quickly and effectively as possible,\u201d she says.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>For modern businesses, regardless of industry or size the financial impact of a data breach is substantial. IBM\u2019s latest Cost of a Data Breach report discovered that, from March 2024 to February 2025, the average cost of a data breach globally fell 9% to $4.44 million, the first decline in five years. Faster identification and containment of breaches \u2014 much of it from organizations\u2019 own&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14661\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14661","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light 
is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14661"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14661\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}