Skip to content

Global average total cost of a data breach growth up to $4.88 mn

Nataly Kramer
Nataly Kramer
4 min
Cyber Insurance Market Competition Intensifies
Overview
  1. The average cost of a data breach
  2. Average cost of a data breach divided into four segments
  3. Stolen or compromised credentials are costly

In the first half of 2025, there were approximately 1,732 publicly reported data breaches in the United States, an increase of 11% compared to the same period in 2024.

These incidents affected around 165.7 mn individuals, although the total number of victims remained lower than in 2024 because there were fewer mega breaches.

About 77.8% of breaches were caused by cyberattacks, which exposed the personal data of approximately 114.6 mn individuals.

Globally, the average cost of a data breach rose to about $4.88 mn, marking a 10% increase over the previous year. In the healthcare sector, the average cost of a breach exceeded $9.77 mn per incident. Total projected global losses from cybercrime are expected to reach around $10.5 tn by the end of 2025.

The average cost of a data breach

  • $9.44 mn is average cost of a data breach in the United States
  • $4.88 mn is global average total cost of a data breach
  • $10.1 mn is average total cost of a breach in the healthcare industry
  • $1.12 mn is average savings of containing a data breach in 200 days or less
    $4.54 mn is average cost of a ransomware attack
  • $5.12 mn ia average cost of a destructive attack
  • $4.24 mn is average data breach cost in organizations with private clouds
  • $5.02 mn is average data breach cost in organizations with public clouds
  • $2.66 mn is average breach cost savings at organizations with an IR team that tested their plan versus those who didn’t

In the United States, about 9% of publicly traded companies reported breaches that impacted an estimated 143 mn individuals. Over the past year, breaches in the United States affected approximately 353 mn individuals, a 72% increase compared to two years earlier.

Credential misuse was involved in 86 percent of breaches, with stolen credentials playing a role in about 31 percent of incidents. Cloud environments were implicated in roughly 82 percent of breaches.

Healthcare experienced significant challenges, with a steady rise in the number and scale of breaches. In June 2025 alone, 70 healthcare-related breaches affected about 7.61 mn individuals. The median monthly breach size reached about 4.7 mn records, and some incidents exposed tens of millions of records.

Internationally, one of the largest breaches involved the exposure of 4 bn records from an unsecured database in China, including data from hundreds of millions of users. Another major breach at a financial institution in Iran affected over 42 mn individuals.

On average, organizations took about 204 days to detect a breach and 73 days to contain it. Those that managed to detect and contain breaches within 200 days reduced costs by around $1 mn per incident.

The data for 2025 reflects increasing frequency and financial impact of breaches, growing risk in cloud and healthcare environments, and ongoing challenges in timely detection and containment.

Global average data breach in 2024 cost $4.4 million, up from 4.2 mn in 2021 and $3.9 mn in 2020, according to research by IBM and the Ponemon Institute.

The yearly average data breach cost increased the most between the year’s 2020 and 2021 – a spike likely influenced by the COVID-19 pandemic. The average data breach costs in 2023 is $4.35 million, a 2.6% rise from 2021 amount of $4.24 mn.

The best way to prevent a data breach is to understand why it’s happening. Now in its 17th year, the 2022 Cost of a Data Breach report shares the latest insights into the expanding threat landscape and offers recommendations for how to save time and limit losses.

Average cost of a data breach divided into four segments

Average cost of a data breach divided into four segments
Source: IBM

Business owners know their data can be a valuable asset. Unfortunately, cyber attackers know this, too.

For 83% of companies, it’s not if a data breach will happen, but when. Usually more than once. When detecting, responding to and recovering from threats, faster is better. Organizations using AI and automation had a 74-day shorter breach lifecycle and saved an average of USD 3 million more than those without.

That’s why having a robust cybersecurity plan is imperative in the digital age.

But no business is 100% safe from cyber threats. Bad actors are becoming more aggressive in exploiting gaps in digital security and stealing valuable information. The rise of remote work has exposed more points of attack.

Many businesses expect to mitigate the financial impact of cyberattacks with adequate insurance. Keep in mind that standard property and liability insurance policies do not cover many types of cyber risk.

For the 12th year in a row, the United States holds the title for the highest cost of a data breach, USD 5.09 million more than the global average.

Stolen or compromised credentials were not only the most common cause of a data breach, but at 327 days, took the longest time to identify. This attack vector ended up costing USD 150,000 more than the average cost of a data breach.

Stolen or compromised credentials are costly

Stolen or compromised credentials are costly
Source: IBM

In 2023, it took an average of 277 days—about 9 months—to identify and contain a breach. Shortening the time it takes to identify and contain a data breach to 200 days or less can save money.

The cost of a breach in the healthcare industry went up 42% since 2020. For the 12th year in a row, healthcare had the highest average data breach cost of any industry.

The share of breaches caused by ransomware grew 41% in the last year and took 49 days longer than average to identify and contain. Additionally, destructive attacks increased in cost by over USD 430,000.

Organizations that had a fully deployed AI and automation program were able to identify and contain a breach 28 days faster than those that didn’t, saving USD 3.05 million in costs. However, it’s not all or nothing. Organizations with a partially deployed AI and automation program fared significantly better than those without.

While 45% of breaches occurred in the cloud, organizations with a hybrid cloud model had lower average data breach costs—USD 3.80 million—compared to organizations with a public or private cloud model.

Having an incident response (IR) plan is only the first step. Testing that plan regularly can help you proactively identify weaknesses in your cybersecurity and shore up your defenses. Not to mention you can save millions in data breach costs.

Nataly Kramer   by Nataly Kramer

EBR Systems breach highlights rising cyber pressure on Australia’s healthcare sector
EBR Systems breach highlights rising cyber pressure on Australia’s healthcare sector
A cyber incident at EBR Systems points to a wider rise in targeted attacks across Australia, where healthcare data carries high value and breach fallout often extends well beyond initial disruption
Cybertech Surf launches with $57 mn to push AI-led preventive cybersecurity
Cybertech Surf launches with $57 mn to push AI-led preventive cybersecurity
New York-based Surf emerged from stealth with $57 mn in funding to automate security hygiene and remediate enterprise risks with agentic AI
How businesses can reduce cyber risk and limit digital loss
How businesses can reduce cyber risk and limit digital loss
Businesses face higher cyber risk from breaches, outages, and human error. Strong backups, staff training, the right tools, insurance, and response plans help
Jones Day data breach exposed files tied to 10 client matters
Jones Day data breach exposed files tied to 10 client matters
Jones Day said a phishing attack exposed dated files tied to 10 clients, as the Silent cybercrime group claimed responsibility for the breach
KYND flags website tracking lawsuits as a growing cyber claims risk
KYND flags website tracking lawsuits as a growing cyber claims risk
KYND says privacy lawsuits tied to website tracking are rising fast, with SMBs showing higher exposure and insurers facing a harder-to-detect accumulation risk
Geneva Association says cyber insurance must do more for resilience
Geneva Association says cyber insurance must do more for resilience
The Geneva Association says cyber threats are rising faster than many firms can manage, with cyber insurance still underused as a resilience tool, especially among SMEs
Agent-based AI will change cyber offence and defence, Munich Re says
Agent-based AI will change cyber offence and defence, Munich Re says
Munich Re says agent-based AI will change cyber offence and defence, widening attack surfaces, pressuring trust, and raising the pace of cyber threats
Munich Re says cyber insurance needs wider uptake as threats intensify
Munich Re says cyber insurance needs wider uptake as threats intensify
Munich Re says cyber risks are widening beyond ransomware and calls for stronger resilience, broader cyber insurance uptake, and closer market collaboration