The average cost of a data breach in the United States reached a record $10.22 million, about 2.3 times the global average, according to IBM's Cost of a Data Breach report. The global average fell 9% to $4.44 million, its first decline in five years, even as the US figure climbed to an all-time high on the strength of regulatory fines and escalation costs.

Artificial intelligence played a growing role in the findings. One in five studied organizations experienced a breach linked to shadow AI, meaning unsanctioned tools adopted by employees without security oversight. Those incidents added as much as $670,000 to the average breach cost. The report found that 63% of breached organizations lacked AI governance policies, and only 37% had approval processes or oversight in place.

AI also cut both ways on defense. Organizations using AI security tools extensively saved about $1.9 million per breach and detected incidents 80 days faster. The average breach lifecycle dropped to 241 days, the shortest in nine years, split between 181 days to detect and 60 days to contain.

Healthcare remained the most expensive sector at $7.42 million per breach, its fifteenth consecutive year at the top. The figures illustrate how the absence of governance around employee AI use is emerging as a measurable driver of breach cost.

Source: IBM -- https://www.ibm.com/reports/data-breach