Data breach economics shifted in 2025, and 2026 is shaping up to be the year defenders test whether those gains hold. The global average cost of a data breach fell to $4.44 million, a 9% drop from $4.88 million the prior year, according to the IBM Cost of a Data Breach Report 2025. The improvement was driven by faster detection, with the mean time to identify and contain a breach falling to 241 days, the lowest in nine years. The picture is not uniformly rosy. US organizations now pay an average of $10.22 million per breach, a record high, and the Identity Theft Resource Center tracked 3,322 US data compromises in 2025, the highest annual count it has ever recorded.
Summary: key data breach statistics at a glance
- $4.44 million is the global average cost of a data breach in 2025, down 9% year over year (IBM, 2025).
- $10.22 million is the US average breach cost, a record for the 15th consecutive year (IBM, 2025).
- 241 days is the mean time to identify and contain a breach (181 to identify, 60 to contain), per IBM, 2025.
- 60% of breaches involve a human element, according to the Verizon 2025 Data Breach Investigations Report.
- 30% of breaches involved a third party in 2025, double the 15% reported the prior year (Verizon, 2025).
- 44% of breaches involved ransomware, up from 32% a year earlier (Verizon, 2025).
- 3,322 US data compromises were tracked in 2025, the most ever in a single year (ITRC, 2025).
- 20% of breaches involved shadow AI, adding $670,000 to average breach costs (IBM, 2025).
- 61.5 million US individuals had protected health information exposed in 2025 (HHS OCR breach portal).
- $16.6 billion was lost to internet crime in 2024, including $1.45 billion to personal data breaches (FBI IC3 2024 Report).

How much a data breach actually costs in 2026
After four straight years of rising breach costs, the global average finally bent downward. The IBM Cost of a Data Breach Report 2025 put the worldwide average at $4.44 million, a 9% drop from $4.88 million in 2024. IBM attributed most of the decline to security AI and automation: organizations with extensive AI deployment saved an average of $1.9 million per breach, the largest single-technology cost difference IBM has ever measured.
US organizations did not see that relief. The same IBM report pegged the US average at $10.22 million, up 9.2% from $9.36 million in 2024 and a new record for the 15th year in a row. Regulatory fines and higher detection and escalation costs explain most of the gap. Healthcare again topped the industry table at $7.42 million per breach, marking 14 straight years as the costliest sector, though that figure was down meaningfully from $9.77 million in 2024. Financial services came in at $5.56 million, industrials at $5.00 million, and energy at $4.83 million (IBM, 2025).
Detection speed is the single biggest cost lever. Breaches detected within 200 days cost $3.87 million on average; those that ran past the 200-day mark cost $5.01 million, a 24% premium (IBM, 2025). Going into 2026, that 200-day cliff is the number to beat.
The cost picture is even less forgiving for organizations operating with stretched security stacks. IBM reported that 51% of organizations plan to increase security investment after experiencing a breach, with incident response planning, employee training, and detection technologies topping the priority list. For organizations that had not yet adopted security AI or automation at the time of their breach, breach costs ran roughly $1.9 million higher than peers that had (IBM, 2025). The gap underscores why 2026 budget conversations are increasingly framed around tooling consolidation rather than added headcount.
Breach volume and victim counts
The Identity Theft Resource Center tracked 3,322 publicly reported US data compromises in 2025, a 5% increase over 2024 and a 79% jump compared to five years ago. It was the largest annual total in the ITRC’s 20-year history. Victim notices, however, fell sharply to 278.8 million, down from 1.37 billion in 2024, because 2025 lacked the multi-hundred-million-record mega-breaches that defined the previous year. Financial services led all industries with 739 compromises, followed by healthcare (534), professional services (478), manufacturing (299), and education (188).
The drop in victim notices is misleading on its own. When 2024 included headline-grabbing breaches that each touched hundreds of millions of records, the absence of comparable events in 2025 created a statistical illusion of progress. The number of incidents kept climbing; the records-per-incident average just fell. For boards reviewing 2026 forecasts, the more useful framing is the 79% five-year jump in annual incident counts (ITRC, 2025), which captures the trend better than any single-year record total.
Healthcare deserves its own row in any 2026 dashboard. The US Department of Health and Human Services Office for Civil Rights breach portal shows large healthcare breaches falling 4.3% year over year, with the total now stabilizing around 700 to 750 reportable incidents a year, roughly two big breaches a day. Records exposed dropped to about 61.6 million, a 78.7% decrease from the 289.2 million breached in 2024. Hacking and other IT incidents accounted for more than 80% of large healthcare breaches, with network server compromises (61.5%) and email account takeovers (24.9%) leading the cause-of-loss list. OCR resolved 21 HIPAA enforcement actions in 2025, collecting $8.33 million in penalties.
How breaches actually happen
The Verizon 2025 Data Breach Investigations Report analyzed more than 22,000 security incidents and 12,195 confirmed breaches, the largest dataset in the report’s history. The headline is that the human element is still involved in roughly 60% of breaches, whether through error, social engineering, or misuse. Credential abuse was the leading initial access vector at 22%, followed by exploitation of vulnerabilities at 20% and phishing at 16%. Among basic web application attacks, 88% involved stolen credentials.
Two trend lines deserve direct attention from IT leaders planning 2026 controls. First, third-party involvement in breaches doubled from 15% to 30% in a single year (Verizon, 2025), which makes vendor risk management and SaaS inventory hygiene the difference between a contained incident and a multi-organization news cycle. Second, ransomware was present in 44% of breaches, up from 32% the prior year. Small and medium businesses bore the brunt: 88% of SMB breaches included a ransomware component, against 39% for enterprises (Verizon, 2025). The median ransom payment fell to $115,000, and 64% of victims refused to pay.
On the criminal-economy side, the FBI Internet Crime Complaint Center logged 859,532 complaints in 2024 with reported losses topping $16.6 billion, a 33% jump from 2023. Personal data breach was the third most reported crime at 64,882 complaints, with $1.45 billion in associated losses. Business email compromise and investment fraud, both of which often begin with credential or identity data exposed in a breach, drove $2.7 billion and $6.5 billion in losses respectively.
Industry and regional breakdown
Sector matters more than ever for breach economics. Beyond the IBM industry rankings, the ENISA Threat Landscape 2025 report analyzed 4,875 incidents across the EU between July 2024 and June 2025. Data breaches accounted for 20.5% of all analyzed incidents in Europe, with EU digital infrastructure and services the most-targeted segment at 27.7%, largely because of high-volume sales of telecom customer data on cybercrime forums. Of all observed intrusions, 68.6% led to data being offered for sale on criminal marketplaces, and 2.8% of those sales were tied to ransomware extortion. Public administration networks remained the leading target at 38%, with transport (especially maritime and logistics) emerging as a high-value sector.
Across borders, the story is consistent: financial services, healthcare, and public sector entities sit in the top three target lists from US (ITRC) and EU (ENISA) datasets alike.
Emerging trends: what is new in 2026
The most consequential shift in the 2025 data, and the one journalists will be watching most closely in 2026, is AI on both sides of the breach equation. Per IBM Cost of a Data Breach 2025, shadow AI (the unsanctioned use of generative AI tools by employees) was a factor in 20% of breaches and added an average of $670,000 to the cost of those incidents. In breaches involving shadow AI, 65% exposed personally identifiable information. One in six breaches involved attackers using AI themselves, most commonly to draft phishing emails (37% of AI-assisted attacks) or deepfake impersonations (35%). 97% of AI-related breaches occurred at organizations without AI access controls, and 63% of organizations still lack any AI governance policy.
ENISA observed the same pattern from the threat-actor side: by early 2025, AI-supported phishing campaigns made up more than 80% of observed social engineering activity worldwide (ENISA, 2025). For security teams, that means inbox-based controls calibrated against 2023-era phishing benchmarks are likely under-tuned for what 2026 traffic actually looks like.
Two other 2026 numbers stand out. The Verizon DBIR research team noted that phishing click-through failure rates were unaffected by traditional awareness training, suggesting that organizations relying on training alone as a control are misallocating budget. And on the third-party front, the same 30% figure that captures supply-chain breach involvement is also the share of incidents that organizations could realistically have prevented through better vendor inventory and SaaS access reviews.
For broader context on the trends above, see our cyber attack statistics and ransomware statistics roundups.
How swif.ai helps reduce data breach risk
swif.ai gives IT and security teams a single console to enforce device, identity, and compliance controls across the macOS, Windows, and Linux endpoints behind the numbers above. Explore swif.ai unified endpoint management to see how it works.


























