Verizon Releases Inaugural Breach Impact Study
Verizon Business has released the findings from its inaugural Breach Impact Study, which focuses on the financial impact of data breaches. The BIS report is from the same authoring team as the Verizon Data Breach Investigations Report and was produced in partnership with CyberAcuView. The report is based on an analysis of around 70,000 U.S. cyber insurance claims, including 38,000 claims where the policies paid out. The data spans from January 2019 to October 2025.
In contrast to many data breach cost reports, the report is based on median claim amounts rather than averages, which are susceptible to skewing. In 2019, the median financial impact was around $60,000, rising by 80% to $110,000 in 2025, with data breach costs outpacing inflation, which was around 23% over the period of the study. More than half of paid-out claims exceeded $83,000, with 10% having an impact of $920,000 or more. The most extreme 2.5% of cases exceeded $5 million in losses.
The report shows that data breach costs almost doubled between 2019 and 2025, with business interruption the single largest loss driver, followed by loss to threat actor and response and recovery.

Known losses over time. Source: Verizon 2026 Breach Impact Study.
For software supply chain and third-party incidents, business interruption accounted for 50% of all losses. Software supply chain incidents and third-party breaches are relatively rare, accounting for around 2% of claims in the dataset, but when they occur, they can be catastrophic, with costs more than double the overall dataset. In the most extreme cases, losses exceeded $100 million.
The median impact was around $38,000 in the SMB segment, rising to $96,000 in the mid-market segment, and $238,000 for large enterprises, with the top 2.5% of large enterprise claims exceeding $22 million per claim. While breach costs were relatively low in the SMB segment, the ratio of impact amounts to insured revenue was as high as 3% in the top 10% of cases, and was 7% in the most extreme cases. Without an insurance policy, these incidents could have been extremely damaging. In the mid-market and large enterprise segments, the ratio did not go above 2% in the top 2.5% of extreme cases.
Healthcare had relatively high external liability costs compared to other sectors. The dataset included more than 8,640 claims with 5,100 recorded losses. Healthcare accounted for 23% of total losses, with a median liability loss 57% higher than the overall dataset. Response and recovery accounted for 29% of total losses, followed by business interruption (24%) and external liability (23%).

Distribution of the economic impact of breaches in healthcare. Source: Verizon 2026 Breach Impact Study
The most common incident type in healthcare that prompted a claim was a ransomware attack (39%), which represented 60% of the total cost with a median cost of $77,051. Business email compromise (BEC) was involved in 22% of cases, accounting for 10% of the costs, with a median cost of $94,924.


