The average data breach now costs $4.44 million globally — and $10.22 million in the United States (IBM, Cost of a Data Breach Report 2025). That global figure actually fell 9% year-over-year, the first decline in five years, driven almost entirely by AI-assisted detection. The threat picture underneath it did not improve: ransomware appeared in 44% of breaches (Verizon, DBIR 2025), the FBI logged $16.6 billion in reported cybercrime losses (FBI IC3, 2024 Internet Crime Report), and global security spending is set to hit $244.2 billion in 2026 (Gartner, February 2026). We aggregated data from the IBM Cost of a Data Breach Report 2025, the Verizon 2025 Data Breach Investigations Report, Gartner press releases, the FBI IC3 2024 report, the CrowdStrike 2026 Global Threat Report, the ISC2 2025 Workforce Study, ENISA, and dozens of other primary sources to build the reference set below.
Key Takeaways
- The global average data breach cost is $4.44 million, down 9% from $4.88 million the prior year (IBM, Cost of a Data Breach Report 2025).
- US breach costs hit an all-time high of $10.22 million — 2.3x the global average (IBM, Cost of a Data Breach Report 2025).
- Worldwide information security spending will reach $244.2 billion in 2026, up 13.3% (Gartner, February 2026).
- Ransomware was present in 44% of all breaches analyzed, up 37% year-over-year (Verizon, DBIR 2025).
- The FBI logged $16.6 billion in reported cybercrime losses across 859,532 complaints in 2024, a 33% jump (FBI IC3, 2024 Internet Crime Report).
- 60% of breaches involved a human element such as phishing or stolen credentials (Verizon, DBIR 2025).
- AI was used in 16% of breaches, mostly for phishing and deepfakes (IBM, Cost of a Data Breach Report 2025).
- Healthcare remains the costliest sector at $7.42 million per breach — the highest for 15 consecutive years (IBM, Cost of a Data Breach Report 2025).
- The median eCrime breakout time fell to 29 minutes, with the fastest observed at 27 seconds (CrowdStrike, 2026 Global Threat Report).
- 95% of organizations reported at least one cybersecurity skills gap on their teams (ISC2, 2025 Cybersecurity Workforce Study).
- Global deepfake fraud losses reached $1.65 billion in 2025 (Surfshark Research, 2026).
- Cybersecurity Ventures projects global cybercrime costs of $10.5 trillion for 2025 (Cybersecurity Ventures, 2026 Cybersecurity Market Report).
1. Market Size and Security Spending
Defensive budgets are climbing fast, but not as fast as the threat. Gartner forecasts worldwide end-user spending on information security at $244.2 billion in 2026, a 13.3% increase over 2025’s $213 billion (Gartner, February 2026). The standout detail: enterprises spend roughly 17x more on AI tooling than on securing the AI they deploy — a gap that defines the 2026 risk surface.
| Metric | Value | Source |
|---|---|---|
| Information security spending, 2026 | $244.2 billion (+13.3%) | Gartner, February 2026 |
| Information security spending, 2025 | $213 billion | Gartner, July 2025 |
| Security software segment, 2026 | $121 billion (up from $106B in 2025) | Gartner, 3Q25 Forecast |
| Managed security services growth, 2026 | 11.1% — fastest in services | Gartner, 3Q25 Forecast |
| Broader cybersecurity market, 2026 (range across firms) | $197B–$306B | Mordor Intelligence; Fortune Business Insights; 2026 |
| Projected global cybercrime cost, 2025 | $10.5 trillion annually | Cybersecurity Ventures, 2026 Cybersecurity Market Report |
Market-size estimates diverge widely because firms scope “cybersecurity” differently — some count only software, others include services and hardware. We cross-referenced Gartner, Mordor Intelligence, and Fortune Business Insights; treat any single market number as a directional estimate, not a precise figure.
2. Data Breach Costs
The global average breach cost dropped for the first time in half a decade — but the relief is uneven. The global average is now $4.44 million, down 9% year-over-year, while US breaches hit an all-time high of $10.22 million (IBM, Cost of a Data Breach Report 2025). The split tells the real story: organizations that deployed AI and automation extensively cut costs, while those facing heavy regulatory exposure (concentrated in the US) saw expenses climb.
| Metric | Value | Source |
|---|---|---|
| Global average breach cost, 2025 | $4.44 million (down 9%) | IBM, Cost of a Data Breach Report 2025 |
| US average breach cost, 2025 | $10.22 million (all-time high) | IBM, Cost of a Data Breach Report 2025 |
| Savings from extensive AI/automation | ~$1.9 million per breach | IBM, Cost of a Data Breach Report 2025 |
| Extra cost from high “shadow AI” exposure | +$670,000 per breach | IBM, Cost of a Data Breach Report 2025 |
| Breached orgs lacking AI access controls | 97% of AI-related incidents | IBM, Cost of a Data Breach Report 2025 |
| Orgs with no AI governance policy | 63% | IBM, Cost of a Data Breach Report 2025 |
| Most common breach attack vector | Phishing (16% of breaches) | IBM, Cost of a Data Breach Report 2025 |
The cost decline is not a sign that defenders won — it reflects faster containment, not fewer attacks. Shadow AI (unsanctioned employee use of AI tools) is now a measurable cost driver. For the offense side of the AI equation, see our generative AI statistics for 2026.
3. Attack Types and Frequency
Ransomware and phishing remain the dominant entry points, and both are accelerating. Ransomware appeared in 44% of breaches analyzed by Verizon, up 37% year-over-year (Verizon, DBIR 2025). The DBIR’s 2025 edition drew on 22,000+ incidents and 12,195 confirmed breaches — its largest dataset ever.
| Metric | Value | Source |
|---|---|---|
| Breaches involving the human element | 60% | Verizon, DBIR 2025 |
| Breaches involving ransomware | 44% (up 37% YoY) | Verizon, DBIR 2025 |
| Increase in vulnerability exploitation | +34% YoY | Verizon, DBIR 2025 |
| Breaches starting with credential abuse | 22% | Verizon, DBIR 2025 |
| Breaches starting with phishing | 16% | Verizon, DBIR 2025 |
| Third-party involvement in breaches | 30% (doubled YoY) | Verizon, DBIR 2025 |
| Median ransom payment, 2025 | $115,000 | Verizon, DBIR 2025 |
| Ransomware victims who refused to pay | 64% | Verizon, DBIR 2025 |
| Daily phishing emails sent worldwide | ~3.4 billion | Hoxhunt, Phishing Trends Report 2026 |
The 64% refusal rate is a defender’s win — payment compliance has dropped from roughly 50% two years ago. Voice-channel attacks are the fast-rising vector: vishing (voice phishing) surged 442% in CrowdStrike’s tracking, a reminder that audio is now an attack surface. VoxBooster builds consumer voice software, which is why we track deepfake statistics for 2026 closely.
4. Breach Costs and Threats by Industry
Sector exposure varies by an order of magnitude. Healthcare breaches cost $7.42 million on average — the highest of any industry for 15 straight years (IBM, Cost of a Data Breach Report 2025). Healthcare also takes the longest to recover: 279 days to identify and contain a breach, 38 days past the global average.
| Industry / Sector | Metric | Value | Source |
|---|---|---|---|
| Healthcare | Average breach cost | $7.42 million | IBM, Cost of a Data Breach Report 2025 |
| Financial services | Average breach cost | $5.56 million | IBM, Cost of a Data Breach Report 2025 |
| Healthcare | Breach lifecycle | 279 days | IBM, Cost of a Data Breach Report 2025 |
| Manufacturing & Healthcare | Rising motive | Espionage-driven attacks | Verizon, DBIR 2025 |
| EU public administration | Share of reported incidents | 38% | ENISA, Threat Landscape 2025 |
| EU transport (maritime/logistics) | Status | Emerging high-value target | ENISA, Threat Landscape 2025 |
| Critical infrastructure | Ransomware impact | Increasingly targeted | FBI IC3, 2024 Internet Crime Report |
Healthcare’s persistent lead is structural: medical records sell at a premium, legacy systems resist patching, and uptime requirements limit how aggressively teams can isolate compromised systems. Note that healthcare’s 2025 cost actually fell $2.35 million from 2024 — still the highest, but moving in the right direction.
5. AI in Cybersecurity — Offense and Defense
AI now sits on both sides of the conflict, and the data lets us measure each. On defense, organizations using AI and automation extensively saved roughly $1.9 million per breach and shortened the breach lifecycle by 68 days (IBM, Cost of a Data Breach Report 2025). On offense, AI-enabled adversaries increased their operations 89% year-over-year (CrowdStrike, 2026 Global Threat Report).
| Metric | Value | Source |
|---|---|---|
| Breach cost with extensive AI/automation | $3.62 million | IBM, Cost of a Data Breach Report 2025 |
| Breach cost without AI/automation | $5.52 million | IBM, Cost of a Data Breach Report 2025 |
| Breaches in which attackers used AI | 16% | IBM, Cost of a Data Breach Report 2025 |
| Increase in AI-enabled adversary operations | +89% YoY | CrowdStrike, 2026 Global Threat Report |
| Phishing campaigns using AI-generated content | 80%+ | ENISA, Threat Landscape 2025 |
| Orgs using or planning AI-enabled security tools | 97% | IBM / industry survey, 2025 |
| Top critical skill cited by security teams | AI (41% of respondents) | ISC2, 2025 Cybersecurity Workforce Study |
| AI-amplified security market by 2029 | $160 billion (from $49B in 2025) | Gartner, 4Q25 Forecast |
Source: IBM — 2025 Cost of a Data Breach: Navigating the AI Rush
The asymmetry is the concern. Defenders use AI to compress detection time; attackers use it to compress attack time — and CrowdStrike clocked the median eCrime breakout time at 29 minutes, with one observed intrusion exfiltrating data four minutes after initial access. Autonomous attacker agents are no longer hypothetical. For the broader picture on autonomous systems, see our AI agents statistics for 2026.
6. The Workforce Gap and Future Projections
The talent story shifted in 2025: the shortage is now about skills, not just headcount. 95% of organizations reported at least one cybersecurity skills gap on their teams, and 59% called those gaps critical or significant — up from 44% the prior year (ISC2, 2025 Cybersecurity Workforce Study). For the first time, ISC2 declined to publish a single workforce-gap headcount, because survey respondents consistently rank skill needs above raw staffing.
| Metric | Value | Source |
|---|---|---|
| Orgs reporting at least one skills gap | 95% | ISC2, 2025 Cybersecurity Workforce Study |
| Gaps rated critical or significant | 59% (up from 44% in 2024) | ISC2, 2025 Cybersecurity Workforce Study |
| Orgs with an incident linked to a skills shortage | 88% | ISC2, 2025 Cybersecurity Workforce Study |
| Most-cited critical skill | AI (41%), then cloud security (36%) | ISC2, 2025 Cybersecurity Workforce Study |
| Global breach lifecycle, 2025 | 241 days — 9-year low | IBM, Cost of a Data Breach Report 2025 |
| Median eCrime breakout time | 29 minutes (fastest: 27 seconds) | CrowdStrike, 2026 Global Threat Report |
| Projected global cybercrime cost by 2031 | $12.2 trillion annually | Cybersecurity Ventures, 2025 |
| Global deepfake fraud losses, 2025 | $1.65 billion | Surfshark Research, 2026 |
The forward signal is a widening gap between attacker speed and defender capacity. Breakout time has compressed to 29 minutes while teams lack the skills to respond in kind — automation closes part of that gap, but not the judgment-dependent part. Cybersecurity Ventures expects cybercrime cost growth to plateau near 2.5% annually, reaching $12.2 trillion by 2031.
Cybersecurity by the Numbers (Summary)
| Metric | Value | Source |
|---|---|---|
| Global average breach cost, 2025 | $4.44 million (down 9%) | IBM, Cost of a Data Breach Report 2025 |
| US average breach cost, 2025 | $10.22 million (record high) | IBM, Cost of a Data Breach Report 2025 |
| Healthcare average breach cost | $7.42 million (highest 15 years running) | IBM, Cost of a Data Breach Report 2025 |
| Financial services average breach cost | $5.56 million | IBM, Cost of a Data Breach Report 2025 |
| Information security spending, 2026 | $244.2 billion (+13.3%) | Gartner, February 2026 |
| Projected global cybercrime cost, 2025 | $10.5 trillion | Cybersecurity Ventures, 2026 Market Report |
| FBI-reported cybercrime losses, 2024 | $16.6 billion (+33%) | FBI IC3, 2024 Internet Crime Report |
| IC3 complaints filed, 2024 | 859,532 | FBI IC3, 2024 Internet Crime Report |
| Business email compromise losses, 2024 | $2.77 billion | FBI IC3, 2024 Internet Crime Report |
| Breaches involving ransomware | 44% (up 37% YoY) | Verizon, DBIR 2025 |
| Breaches involving the human element | 60% | Verizon, DBIR 2025 |
| Third-party involvement in breaches | 30% (doubled YoY) | Verizon, DBIR 2025 |
| Breaches in which attackers used AI | 16% | IBM, Cost of a Data Breach Report 2025 |
| Savings from extensive AI/automation | ~$1.9 million per breach | IBM, Cost of a Data Breach Report 2025 |
| Global breach lifecycle, 2025 | 241 days (9-year low) | IBM, Cost of a Data Breach Report 2025 |
| Median eCrime breakout time | 29 minutes | CrowdStrike, 2026 Global Threat Report |
| Malware-free detections, 2025 | 82% | CrowdStrike, 2026 Global Threat Report |
| Orgs reporting a cybersecurity skills gap | 95% | ISC2, 2025 Cybersecurity Workforce Study |
| EU incidents that were DDoS attacks | 77% | ENISA, Threat Landscape 2025 |
| Global deepfake fraud losses, 2025 | $1.65 billion | Surfshark Research, 2026 |
Methodology and Sources
We aggregated data from primary research published by security vendors, government agencies, and analyst firms. Where estimates diverged — particularly on market size and average ransom payments — we cross-referenced at least two sources and flagged the range rather than picking one number.
- IBM — Cost of a Data Breach Report 2025: https://www.ibm.com/reports/data-breach
- Verizon — 2025 Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/
- Gartner — Top Cybersecurity Trends for 2026: https://www.gartner.com/en/newsroom/press-releases/2026-02-05-gartner-identifies-the-top-cybersecurity-trends-for-2026
- FBI IC3 — 2024 Internet Crime Report: https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf
- CrowdStrike — 2026 Global Threat Report: https://www.crowdstrike.com/en-us/global-threat-report/
- ISC2 — 2025 Cybersecurity Workforce Study: https://www.isc2.org/Insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study
- ENISA — Threat Landscape 2025: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025
- Cybersecurity Ventures — 2026 Cybersecurity Market Report: https://cybersecurityventures.com/official-2026-cybersecurity-market-report-predictions-and-statistics/
- Surfshark Research — Deepfake fraud losses, 2026: https://surfshark.com/research/chart/deepfake-fraud-losses
- Mordor Intelligence and Fortune Business Insights — cybersecurity market sizing, 2026
Last updated: May 2026 Refresh cadence: We update this page quarterly as new earnings reports and industry research land.
The data points one direction: attacks scale faster than defenses, and AI is widening the gap on both sides. Voice is now part of that attack surface — vishing surged 442% and deepfake audio drove a meaningful share of 2025’s fraud losses. VoxBooster builds Windows voice software with security as a first-class concern; see how our plans are structured, or read our companion roundup on SaaS statistics for 2026 for the broader software-market context.