
The Cost of a Data Breach 2025

  • Writer: Katarzyna Celińska
  • Oct 14

IBM and the Ponemon Institute have released their 20th annual Cost of a Data Breach Report. I’ve been following Ponemon studies for years, and they remain one of the most valuable resources I use in lectures, trainings, and advisory work.

 

Global average breach cost fell for the first time in five years to $4.44M (down from $4.88M in 2024) thanks to faster containment powered by AI and automation.

U.S. breaches bucked the trend, hitting a record $10.22M average cost — driven by higher regulatory fines and detection costs.

Healthcare remains the most expensive sector at $7.42M per breach, despite improvement from last year’s $9.77M.

Time to identify & contain dropped to a 9-year low of 241 days — a positive sign of maturing defenses.

Malicious insiders ($4.92M) and supply chain compromise ($4.91M) were the costliest initial attack vectors.

Phishing (16%) is now the most common entry point, averaging $4.8M per breach.

AI in attacks: 16% of breaches involved attackers leveraging AI, especially for phishing (37%) and deepfakes (35%).

Shadow AI added $670K in costs on average and made breaches longer and more damaging.

 


It’s not the first time I’ve read Ponemon reports — they’ve always been central to my work. What struck me this year is the mix of progress and new challenges. Security maturity is rising, but threat actors are adapting just as quickly. The recent “Shai-Hulud” NPM credential theft shows how dangerous supply chain and third-party compromises have become. Along with malicious insiders, phishing, compromised credentials, and vulnerability exploitation — these remain the most pressing threats.

 

I’m not a DevSecOps expert, but I keep learning. If you want to learn from the best in this field, I strongly recommend checking the work and trainings of Bezpieczny Kod.

 

This is the first post in a series that will explore:

1️⃣ Global & industry breach costs

2️⃣ Attack vectors and lifecycle analysis

3️⃣ AI as both a security enabler and a threat

4️⃣ Recommendations for CISOs and boards

 


 
 
 
