Simple Cost of Data Breach Calculator

Rebecca // September 11

How do you calculate the cost of a data breach?  

Do you know how much a data breach would cost your company? Do you want a quick estimate relevant to your company with no hidden assumptions, and based on real data from other companies and reports?

This is a transparent and quick way to estimate potential data breach costs. This 10-row table can be summed to get your total cost of a data breach, based on your company's values. This table also includes recommended values, based on several data breach reports (see the resources cited at the end of this article). The recommended values can help anchor your estimates when you have no idea what the actual costs should be.

Feel free to play with these numbers for your company, but keep in mind that these are still estimates.  The goal of this table is to provide something more sophisticated than the simple heuristic, but more transparent and customized than a calculator with hidden assumptions.  Consider minimum and maximum values for each, or how to reduce the costs at each row.  It might give you ideas of where to invest to prevent these costs!

| Cost of a Data Breach | Recommended Value | Your Business |
|---|---|---|
| Reputation Harm: Unplanned loss of customers and business | 5% drop in annual revenue | |
| Cost to identify and contain: Engineering work | Reports estimate on average 200+ days to identify and contain; estimate how much time your team or contractors will spend exclusively on this instead of other projects. | |
| Cost to contain: public relations and leadership work | Companies with incident response teams and DPOs typically see lower costs here. | |
| GDPR regulation fines | Up to 4% of last year's turnover | |
| Litigation costs | Extremely variable | |
| Ransom costs | According to a 2020 report by Sophos, ransomware attack remediation efforts on average cost US$732,500 when a ransom is not paid, and US$1,448,458 when a ransom is paid. | |
| Insurance increase | Will your insurance company charge you more? | |
| Prevention: New tech investment (upgrade/replace) | Depends on what you need. | |
| Prevention: Cost to implement new processes or hires | Between cents (send emails) and hundreds of dollars (offering identity monitoring) | |
| Cleanup: cost to notify victims | Skilled privacy & security engineer salaries are typically $100,000-200,000/year | |
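The table above, worked through as a low/high range for one company. This is an added example, not part of the original article: the company figures, the 260 working days per year, the low bounds of 0, and the choice to price engineering time at the salary range and notification at a per-victim cost are all assumptions.

```python
WORKDAYS = 260  # assumption: working days per year, turns a salary into a day rate

def breach_cost_rows(c):
    """Return {table row: (low, high)} in US$ for the company inputs in dict c."""
    days = c["engineer_person_days"]
    victims, (per_low, per_high) = c["victims"], c["cost_per_victim"]
    return {
        # Page value: 5% drop in annual revenue; the low of 0 is an assumption.
        "Reputation harm": (0, c["annual_revenue"] * 5 / 100),
        # Assumption: staff time priced at the page's $100,000-200,000 salaries.
        "Identify and contain: engineering": (
            days * 100_000 / WORKDAYS, days * 200_000 / WORKDAYS),
        "Contain: PR and leadership": c["pr_leadership"],
        # Page value: up to 4% of last year's turnover.
        "GDPR fines": (0, c["last_year_turnover"] * 4 / 100),
        "Litigation": c["litigation"],
        # Page value (Sophos 2020): remediation without / with ransom paid.
        "Ransom": (732_500, 1_448_458) if c["ransomware"] else (0, 0),
        "Insurance increase": c["insurance_increase"],
        "Prevention: new tech": c["new_tech"],
        "Prevention: processes or hires": c["processes_or_hires"],
        # Assumption: per-victim cost, from cents to hundreds of dollars.
        "Cleanup: notify victims": (victims * per_low, victims * per_high),
    }

def total_range(rows):
    """Sum the low and high columns separately."""
    return (sum(lo for lo, _ in rows.values()),
            sum(hi for _, hi in rows.values()))

def biggest_rows(rows, n=3):
    """Rows ranked by worst-case cost: where prevention spend matters most."""
    return sorted(rows, key=lambda r: rows[r][1], reverse=True)[:n]

# Constructed sample company: every figure below is made up for illustration.
SAMPLE = {
    "annual_revenue": 10_000_000, "last_year_turnover": 10_000_000,
    "engineer_person_days": 520, "ransomware": True,
    "victims": 5_000, "cost_per_victim": (0.25, 200),
    "pr_leadership": (20_000, 100_000), "litigation": (0, 300_000),
    "insurance_increase": (0, 50_000), "new_tech": (10_000, 150_000),
    "processes_or_hires": (0, 200_000),
}

if __name__ == "__main__":
    rows = breach_cost_rows(SAMPLE)
    low, high = total_range(rows)
    print(f"Estimated total: ${low:,.0f} to ${high:,.0f}")
    for name in biggest_rows(rows):
        print(f"  {name}: up to ${rows[name][1]:,.0f}")
```

Replace the values in `SAMPLE` with your own minimum and maximum for each row; the ranking shows which rows drive the worst case.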

Sources and Learn More

If this table is too simple, you can find a really in-depth explanation of the costs of a data breach from Ryan McGeehan at https://magoo.medium.com/ and http://scrty.io/

My recommended values are based on these reports:

About the Author Rebecca

Dr. Rebecca Balebako builds data protection and trust into software products. As a certified privacy professional (CIPP/E, CIPT, Fellow of Information Privacy), ex-Googler, and ex-RANDite, she has helped multiple organizations improve their responsible AI and ML programs.
