IBM Cost of a Data Breach Report 2025

IBM Security's 20th annual Cost of a Data Breach Report reveals a 9% decrease in the global average cost of a data breach, now at $4.4 million in 2024. IBM attributes the decline to a faster average breach lifecycle, the reduction in the time it takes to identify and contain a breach, which dropped by 17 days to 241 days, as more organisations detected breaches internally. Internal detection saved organisations an average of $900,000 in costs compared to breaches disclosed by attackers.

In addition, the study identified that organisations are increasingly refusing to pay ransom demands, with 63% opting not to pay in 2024, up from 59% the previous year. Despite this, the average cost of extortion or ransomware incidents remains high, particularly when disclosed by an attacker ($5.08 million).

Meanwhile, 13% of organisations reported artificial intelligence (AI) related security breaches, with 97% of those organisations admitting to not having AI access controls in place. A further 8% did not know whether their AI models had been compromised. The study found that 60% of such incidents led to compromised data, while 31% led to operational disruption.

The report also indicates a decline in planned security investments following a breach, from 63% in 2024 to 49% in 2025, with less than half focusing on AI-driven security solutions. Nearly all surveyed organisations experienced operational disruption, with most taking over 100 days to recover. Furthermore, almost half of the affected organisations plan to increase prices for goods or services due to breaches, with nearly a third reporting increases of 15% or more.