Calculator

Cyber Incident & Breach Cost Calculator

Illustrative exposure from a major cyber incident — adjust every assumption to match your sector.

Industry

[Benchmark] Industry multiplier: Healthcare 1.7× ($7.42M ÷ $4.44M); Financial 1.3×; Other 1.0×

Number of employees

Annual revenue ($)

Sensitive records stored

Estimated recovery days

Advanced assumptions (benchmarks)

Breach figures reference the IBM Cost of a Data Breach Report 2025 (global average ≈ $4.44M; healthcare ≈ $7.42M). IT-spend ranges reference Gartner-style industry benchmarks. These update annually — confirm against the latest published figures when you revise them.

$/record notification + legal [Benchmark]

Default $165; defensible range $150–$190 (US mid-market, mixed PHI/PII).

Recovery labor + consultants ($) [Benchmark, conservative]

External IR + forensics + legal for one contained breach.

Revenue churn share (decimal) [Benchmark, conservative]

Default 0.03 (3%); raise toward 0.04–0.05 for consumer-facing brands.

Estimated cost of a major cyber incident (Healthcare)

$8,945,585 – $20,873,031

Business interruption$272,308

Notification & legal$14,025,000

Lost business / churn$510,000

Recovery$102,000

Point estimate$14,909,308

How this is calculated

Estimates reference IBM's 2025 breach data (global average ≈ $4.44M; healthcare ≈ $7.42M, the highest-cost sector; financial services ≈ 1.3× global). Per-record notification/legal cost defaults to $165 (defensible range $150–$190). Churn is modeled at 3% incremental customer loss — conservative for B2B; IBM finds lost business is the single largest cost component, so real impact is often higher. Healthcare and financial services carry higher exposure via the industry multiplier. Every figure is adjustable. Range = point estimate × 0.6–1.4.

Combine results across tools in the Business Impact Center.

These are transparent estimates — your real numbers will be sharper. Want a precise assessment from our team?

Book a 15-minute assessment

A serious cyber incident — ransomware, a data breach, or a prolonged outage — can cost far more than the ransom note or the insurance deductible. Business interruption, legal notification, customer churn, and recovery labor stack quickly, especially in regulated industries.

This tool applies adjustable benchmarks (per-record notification costs, recovery labor, and churn assumptions) with industry multipliers for healthcare and financial services. Open the advanced assumptions panel to align with current published research for your sector.

The output is a range, not a prediction. Pair it with a human-risk program, tested backups, and an incident response plan — and read our ransomware resilience and phishing awareness resources for the people side of the equation.