The cost of a data breach in the U.S. just hit a historic high: $10.22 million on average per incident, according to IBM’s 2025 Cost of a Data Breach Report. While the global average decreased by 9%, thanks to faster AI-driven response times. the U.S. is bucking the trend. What’s driving this increase, and what does it mean for your business?
Why Are U.S. Breach Costs Rising?
IBM’s research points to several key factors:
- Heavier regulatory fines
- Higher detection and escalation costs
- Longer recovery periods, with most companies taking over 100 days to return to full operations
While automation and AI helped reduce global breach durations by 17 days (to 241 days total), U.S. businesses are still lagging in both containment and oversight. In fact, 65% of companies impacted by a breach said they still hadn’t fully recovered.
AI: The Double-Edged Sword
Ironically, the same technologies that help reduce breach impact globally are introducing new threats when used carelessly.
IBM found that:
- 97% of AI-related breaches were caused by poor access controls.
- 13% of organizations had an AI system or model compromised, often through their supply chain, third-party APIs, or plug-ins.
- “Shadow AI” the use of AI tools without proper approval or oversight added an average of $670,000 to breach costs.
These breaches led to:
- Compromise of personally identifiable information (65%)
- Loss of intellectual property (40%)
- Widespread data exposure across multiple environments
What This Means for Business Owners and Risk Managers
Whether you’re running a tech firm, a construction company with field management software, or a local professional services firm using cloud-based tools, you are vulnerable. The cost of a breach isn’t just about fines and IT bills. It’s also about reputation loss, customer trust, and downtime that halts operations.
This data underscores the urgent need to:
- Secure AI platforms with role-based access controls
- Monitor third-party software and plugins for vulnerabilities
- Establish clear policies around AI use across your organization
- Invest in cyber insurance to help manage the financial fallout of a breach
The record-breaking breach costs in the U.S. are a wake-up call. Cybersecurity is no longer just an IT problem, it’s a business continuity issue. For small and mid-sized businesses, the risks of inaction are too high to ignore.
Talk to McHugh Insurance Group about building a cyber risk management plan that includes coverage, training, and breach response protocols.