Cost Per Record by Industry
This table lists the representative average data breach cost and cost per record for each industry, drawn from the published IBM/Ponemon Cost of a Data Breach analysis. The headline anchors that frame these figures are a US average breach cost of about $10.22M, a global average nearer $4.44M, and a global average cost per record of about $164. Per-record costs in the dataset span roughly $160 to $408 — a spread of more than 2.5× between the cheapest and the most expensive sectors to lose data in.
| Industry | Avg. breach cost | Cost per record |
|---|---|---|
| Healthcare | $7.42M | $408 |
| Financial services | $5.56M | $336 |
| Pharmaceutical | $5.1M | $295 |
| Technology / SaaS | $5M | $300 |
| Professional services | $4.8M | $290 |
| Energy / utilities | $5.29M | $280 |
| Manufacturing / industrial | $5.56M | $190 |
| Education | $3.7M | $220 |
| Retail / e-commerce | $3.48M | $200 |
| Public sector | $2.55M | $160 |
| Consumer / other services | $3.9M | $165 |
| Other | $4.44M | $164 |
Why industry drives the number
The two columns answer different questions. Average breach cost is the end-to-end total of a sector-typical incident, expressed here in millions of dollars (computed as avg_breach_m × 1,000,000). Cost per record is that total divided by the records exposed in a typical breach, and it is the figure that feeds the quick linear estimate. A sector can carry a high cost per record yet a moderate average breach, or the reverse, because per-record cost reflects the sensitivity of an individual record while average breach cost also reflects the typical size of breaches in that sector.
Industry matters because the data itself differs in value and in regulatory weight. Healthcare sits at the top of the table at $408 per record: health data (PHI) is highly sensitive, attracts strict HIPAA notification duties, and carries a long tail of remediation and reputational damage. Financial services and pharmaceutical follow for similar reasons — payment data and clinical or IP data are both costly to lose and heavily regulated. At the other end, the public sector is lowest at $160 per record, where the data is often less commercially sensitive and breaches are less likely to trigger customer churn. Retail and manufacturing fall in the middle, where the data is valuable but the regulatory regime is lighter than in health or finance.
Treat every figure here as representative, not as a prediction for any specific business. These are SMB-appropriate values consistent with the cited report, deliberately conservative relative to the largest enterprise headline numbers, and dated to their source. In each of the calculators built on this dataset the key figures — including the per-record cost — are user-overridable inputs, so if you have a better number from your insurer, a prior incident, or a more recent report, you can substitute it and the math still holds.
Figures verified on Jun 25, 2026 against IBM Cost of a Data Breach 2025 — industry analysis. Every value shown is overridable in the tools.
Disclaimer. BreachCostLab provides cost and risk estimates for informational purposes only, based on published industry benchmarks (e.g. IBM/Ponemon Cost of a Data Breach, Verizon DBIR) and publicly available statutory figures as of the verification date shown (Jun 25, 2026). These figures are estimates for planning, not a prediction of the cost of any specific incident, and are not legal, financial, insurance, or compliance advice. Actual breach costs vary widely; for regulatory obligations consult qualified counsel. Always verify current figures with the cited sources.