The average data breach now costs U.S. organizations $10.22 million, an all-time high for any country, according to the IBM Cost of a Data Breach Report. The United States has led the world in breach costs for 15 consecutive years, even as the global average fell to $4.44 million in 2025, its first decline in five years.

Artificial intelligence cuts both ways in the findings. Organizations that used AI security tools extensively saved $1.9 million per breach and detected incidents 80 days faster. At the same time, unauthorized AI use created new exposure. One in five organizations reported a breach tied to shadow AI, the use of AI tools without company oversight, and heavy shadow AI use added about $670,000 to the average breach cost.

Attackers are adopting the technology as well. AI tools were involved in 16 percent of breaches studied, most often for phishing or deepfake impersonation. A separate IBM finding showed that 13 percent of organizations reported breaches of AI models or applications, and 97 percent of those lacked proper AI access controls.

Healthcare remained the most expensive industry at $7.42 million per breach, its 15th consecutive year at the top. The average breach lifecycle dropped to 241 days, the shortest in nine years, but breaches that took more than 200 days to contain cost $1.14 million more than those resolved faster.

Source: IBM -- https://www.ibm.com/reports/data-breach