2025-07-30
Healthcare remains costliest industry for breaches at $7.42M
Despite maintaining its status as the most expensive industry for data breaches, healthcare saw a sharp reduction from last year's cost of $9.77 million, IBM's annual report found.
Healthcare remains the costliest industry for data breaches, with each breach costing an average of $7.42 million, IBM found in its 2025 "Cost of a Data Breach" report. Despite maintaining the top position for the 14th consecutive year, healthcare saw a reduction from last year's average cost of $9.77 million.
Ponemon Institute conducted the benchmark research on behalf of IBM. Researchers studied 600 organizations impacted by data breaches between March 2024 and February 2025, across 17 industries and 16 countries, and interviewed more than 3,400 security and C-suite business leaders. Healthcare accounted for just 2% of the studied organizations, so the sector's figures rest on a small sample.
Across all industries included in the report, the global average dropped to $4.44 million per breach, a 9% decrease from the 2024 report. Researchers attributed the global decline in breach costs to faster identification and containment, which was partially driven by AI and automation.
Despite the global cost savings, the U.S. remains an expensive locale to experience a data breach. In this year's report, average breach costs in the U.S. rose by 9% to $10.22 million, which the report attributed to higher regulatory fines and containment costs.
Key healthcare takeaways
Even as global breach costs dip, healthcare remains the costliest industry for a data breach. This indicates that while security improvements are being made across all industries, healthcare organizations continue to face unique challenges in protecting their sensitive data.
Ponemon Institute calculates the average cost of a data breach by assessing the cost of detection and escalation, post-breach response, lost business and notification.
In addition to being the costliest industry, healthcare data breaches took the longest to identify and contain, at 279 days -- five weeks longer than the global average.
"There are a number of factors that drive up breach costs for healthcare organizations, which are lucrative targets to attackers due to the sector's high-value data, the urgency of clinical operations, and reliance on legacy systems. That makes for a lot of leverage," Limor Kessem, global lead for cyber crisis management at IBM X-Force, said in an email interview.
"If we look back at very costly healthcare breaches over the past five years, we can see that the costliest are those breaches that impact the organization's own systems, third parties, and its ecosystem."
Kessem noted that the long lifecycle of healthcare data breaches contributes greatly to the steep costs, with each day of recovery driving those costs up. What's more, healthcare is a highly regulated industry. Regulatory fines and lawsuits stemming from breach-related privacy violations can further raise the costs.
"Healthcare breaches take the longest to detect and contain, giving attackers more time to steal sensitive data and disrupt care," Kessem added.
"That's where AI-powered security tools are showing a sizeable ROI. By essentially augmenting the security team's capabilities, they're helping to spot potential threats earlier, which means healthcare organizations can respond faster and limit the damage."
Globally, 16% of the studied breaches involved attackers using AI to manipulate humans. However, AI is also playing a key role in defense, with 32% of respondents reporting that they use security AI and automation tools.
In addition to embracing AI-driven tools, foundational security measures must be prioritized.
"Beyond detecting and preventing, we must also focus on building cyber resilience, a critical element in reducing breach costs," Kessem said. "Beyond ensuring that the security architecture is in line with the organization's risk appetite, resilience also means building robust incident response plans, ensuring they cover high-risk scenarios and high-value data and assets."
Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.