Data Breach Cost Calculator

Data breach costs extend beyond direct records. IBM 2024 report: 150 average per record + regulatory fines + remediation + lost business. This calculator sums all components.

10,000 records × 150 + 50,000 fines + 80,000 remediation + 200,000 lost revenue = 1,830,000 total breach cost. For most SMBs this is existential without insurance.

Use to justify security investment. Breach cost vs annual security spend makes prioritisation clearer. Even 1% breach probability reduction saves many multiples of typical security spend.

Quick example

With records exposed of 10,000 and cost per record of 150 (plus regulatory fines of 50,000 and remediation cost of 80,000), the result is 1,830,000.00. Change any figure and watch the output shift — it's often more useful to see the pattern than to memorise the formula.

Which inputs matter most

You enter Records Exposed, Cost per Record, Regulatory Fines, Remediation Cost, and Reputational Revenue Loss.

What's happening under the hood

Total = records × per-record + fines + remediation + reputational loss. The formula is listed in full below. If the number looks off, you can retrace the calculation by hand — that's the point of showing the working.

What to do with a low result

A disappointing result is information, not a judgement. Pick the single input that dragged the figure down most and focus the next quarter on that one factor. Breadth-first improvement rarely works; depth-first on the worst input usually does.

What this doesn't capture

The score is a composite of the inputs you provide. Life context — job security, family obligations, health, housing — doesn't appear in the math but shapes the real picture. Use the number as a prompt, not a verdict.

Worked example

Suppose a mid-sized organisation experiences a breach affecting 5,000 customer records. Here's how the components stack:

• Records exposed: 5,000
• Cost per record: 150 (covering forensic investigation, notification, and credit monitoring)
• Regulatory fines: 75,000 (penalty for non-compliance with data protection rules)
• Remediation cost: 120,000 (security assessment, system upgrades, staff training)
• Reputational revenue loss: 300,000 (estimated customer churn and lost sales over 12 months)

Total calculated cost: 5,000 × 150 + 75,000 + 120,000 + 300,000 = 1,200,000. This single incident represents a material financial event for many organisations.

Common scenarios where this matters

The calculator proves useful in several contexts:

• Budget justification: Compare annual security investment against a single-breach scenario. The gap often clarifies ROI on preventative spending.
• Risk comparison: Model different breach sizes (1,000 vs 10,000 vs 50,000 records) to understand exposure tiers.
• Insurance evaluation: Test whether coverage limits align with realistic breach costs across your data holdings.
• Board reporting: Illustrate breach impact in financial terms rather than abstract risk language.

What this result captures and what it doesn't

The calculator aggregates five major cost dimensions: per-record expenses, fines, technical remediation, and revenue impact. It models these as separate line items that sum to a total.

What it does not include: legal fees beyond remediation, employee time diverted during incident response, long-term customer lifetime value erosion, competitive disadvantage from lost trust, operational downtime costs, or third-party notification service fees. Different breaches trigger different subsets of these costs; the model offers a framework rather than a complete forecast.

Educational illustration

This calculator models potential breach costs for educational purposes. The output shows how different inputs combine mathematically. Actual breach costs vary based on industry, jurisdiction, data sensitivity, response speed, and contractual obligations. Use this figure to inform risk assessment, not as a binding estimate.