Cost-by-industry summary
| Code | Industry | Avg breach | Per record | Top vector |
|---|---|---|---|---|
| I-01 | Healthcare / Life Sciences | $7.42M | $408 | BEC + ransomware via phishing |
| I-02 | Financial Services | $5.56M | $295 | BEC, credential-harvest |
| I-03 | Pharmaceutical | $4.61M | $232 | Spear-phish on R&D |
| I-04 | Energy / Utilities | $4.83M | $209 | BEC, OT-pivot phishing |
| I-05 | Technology / SaaS | $4.79M | $195 | Spear-phish + token theft |
| I-06 | Manufacturing / Industrial | $5.08M | $168 | BEC + invoice fraud |
| I-07 | Retail / E-commerce | $3.48M | $155 | Credential-harvest |
| I-08 | Government / Public Sector | $2.86M | $165 | Vishing + spear-phish |
| I-09 | Education | $3.65M | $142 | Bulk + smishing |
| I-10 | Professional Services | $5.08M | $178 | BEC, wire fraud |
Healthcare ($7.42M), financial services ($5.56M), energy ($4.83M), technology ($4.79M), pharmaceuticals ($4.61M), and public sector ($2.86M) average-breach figures are IBM Cost of a Data Breach 2025 sector averages. Manufacturing, retail, education, and professional-services averages, and all per-record liabilities, are this model's sector estimates weighted from the published industry spread; treat them as planning ranges, not verbatim report values. Vector designations cross-checked against APWG 2025 attack-share table and Verizon DBIR 2025 industry sections.[IBM 2025, APWG 2025, Verizon DBIR 2025]