Simple Cost of Data Breach Calculator

How do you calculate the cost of a data breach?  

Do you know how much a data breach would cost your company? Do you want a quick estimate relevant to your company with no hidden assumptions, and based on real data from other companies and reports?

This is a transparent and quick way to estimate potential data breach costs. Sum the 10 rows of this table, filled in with your company's values, to get your total cost of a data breach. The table also includes recommended values, based on several data breach reports (see the resources cited at the end of this article). The recommended values can help anchor your estimates when you have no idea what the actual costs should be.

Feel free to play with these numbers for your company, but keep in mind that these are still estimates.  The goal of this table is to provide something more sophisticated than the simple heuristic, but more transparent and customized than a calculator with hidden assumptions.  Consider minimum and maximum values for each, or how to reduce the costs at each row.  It might give you ideas of where to invest to prevent these costs!

| Cost of a Data Breach | Recommended Value | Your Business |
| --- | --- | --- |
| Reputation Harm: Unplanned loss of customers and business | 5% drop in annual revenue | |
| Cost to identify and contain: Engineering work | Reports estimate on average 200+ days to identify and contain; estimate how much time your team or contractors will spend exclusively on this instead of other projects. | |
| Cost to contain: public relations and leadership work | Companies with incident response teams and DPOs typically see lower costs here. | |
| GDPR regulation fines | Up to 4% of last year's turnover | |
| Litigation costs | Extremely variable | |
| Ransom costs | According to a 2020 report by Sophos, ransomware attack remediation efforts on average cost US$732,500 when a ransom is not paid, and US$1,448,458 when a ransom is paid. | |
| Insurance increase | Will your insurance company charge you more? | |
| Prevention: New tech investment (upgrade/replace) | Depends on what you need. | |
| Prevention: Cost to implement new processes or hires | Between cents (send emails) and hundreds of dollars (offering identity monitoring) | |
| Cleanup: cost to notify victims | Skilled privacy & security engineer salaries are typically $100,000-200,000/year | |
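The summation described above as runnable code, added here as an illustration and not part of the original article: each row carries a (low, high) range, the ten rows are summed, and they are then ranked by worst case to show where the cost concentrates. The company figures, the `SAMPLE` rows and the use of the salary range to price 200 days of engineering time are assumptions.

```python
# Added example: rates/Sophos figures are the page's values; SAMPLE is constructed.
REPUTATION_RATE = 0.05                     # 5% drop in annual revenue
GDPR_MAX_RATE = 0.04                       # up to 4% of last year's turnover
RANSOM_REMEDIATION = (732_500, 1_448_458)  # Sophos 2020: ransom not paid, paid
SALARY_RANGE = (100_000, 200_000)          # engineer salary per year
CONTAIN_DAYS = 200                         # days to identify and contain


def recommended_rows(revenue, turnover, engineers):
    """(low, high) rows from the page's values; salary x time is an assumption."""
    eng = tuple(round(engineers * CONTAIN_DAYS / 365 * s) for s in SALARY_RANGE)
    return {
        "Reputation harm": (round(REPUTATION_RATE * revenue),) * 2,
        "Identify and contain: engineering": eng,
        "GDPR fines": (0, round(GDPR_MAX_RATE * turnover)),
        "Ransom costs": RANSOM_REMEDIATION,
    }


def total(rows):
    """Sum the low and high bounds over all rows, rejecting bad ranges."""
    for name, (low, high) in rows.items():
        if not 0 <= low <= high:
            raise ValueError(f"{name}: need 0 <= low <= high")
    return (sum(low for low, _ in rows.values()),
            sum(high for _, high in rows.values()))


def ranked(rows):
    """Rows by worst-case cost, each with its share (%) of the high total."""
    _, high_total = total(rows)
    order = sorted(rows.items(), key=lambda kv: kv[1][1], reverse=True)
    return [(n, hi, round(100 * hi / high_total, 1)) for n, (_, hi) in order]


SAMPLE = {
    **recommended_rows(revenue=10_000_000, turnover=10_000_000, engineers=2),
    "Contain: PR and leadership": (20_000, 60_000),
    "Litigation": (0, 250_000),
    "Insurance increase": (5_000, 25_000),
    "Prevention: new tech": (50_000, 150_000),
    "Prevention: processes or hires": (100_000, 200_000),
    "Cleanup: notify victims": (1_000, 300_000),
}

if __name__ == "__main__":
    print("total (low, high):", total(SAMPLE))
    for row in ranked(SAMPLE):
        print(*row)
```

Replace the six constructed ranges with your own figures; the ranking shows which rows dominate the worst case and are therefore the first candidates for investment.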


Sources and Learn More

If this table is too simple, you can find a really in-depth explanation of the costs of a data breach from Ryan McGeehan and

My recommended values are based on these reports:

About the author 


Dr. Rebecca Balebako is a certified privacy professional (CIPP/E, CIPT, Fellow of Information Privacy) who helped multiple organizations improve their privacy through research, analysis, and engineering. 
