Cyber Breach Cost
Calculator

What do the number of days to identify and contain mean?

Days to identify represents the average time required to recognize that a breach has occurred and find its source based on your industry. This has remained consistent over the past year.

Days to contain is the average time necessary to control the effects of a breach based on your industry. This has increased by 18 days since last year, indicating that attacks are getting more sophisticated and difficult to control.

Bonus Studies show that breaches taking over 200 days to identify and contain, which is the average across all industries studied, cost an average of $1.2 million dollars more than those that can be resolved in under 20 days. It's essential to have a sophisticated review and identification process in place for your systems, as well as a response team and tested plan for containing a breach if and when one occurs.

What is additional customer loss rate?

Estimates the loss of customers in addition to the attrition seen in a typical year. This loss is attributed to the effects of the breach on business and reputation.

What is the cost per record and what are the direct and indirect costs?

Cost per record shows the total estimated costs, both direct and indirect, per record breached based on your industry.

Direct costs are associated with the containment of the actual breach (i.e., hiring a response team, paying a ransom, etc).

Indirect costs represent the impact on your business, such as time lost from normal operations or loss of customers because of the breach or its effect on your reputation.

These numbers are based on global averages within each industry; however, in the US the average total cost of a breach is 2.1x that of the global average, so costs for US businesses could be significantly higher than indicated in your report results.

How do you estimate the total cost?

Estimated total cost is determined by the number of records you indicated and the average cost per record within your industry, based on a global study.

These numbers are based on global averages within each industry; however, in the US the average total cost of a breach is 2.1x that of the global average, so costs for US businesses could be significantly higher than indicated in your report results.

Why are there Notification and Credit Monitoring Costs?

If your organization has a breach, you are required by law to notify individuals whose personal information was involved and provide credit monitoring services for them to manage the impact of the loss on their personal assets. These laws vary from state to state.

The per record cost shown is an estimated direct cost determined by a proprietary calculation based on the type of information that was involved in the breach, the breach size, and whether you have cyber liability coverage. The total is then estimated based on the number of records you indicated.

What are Investigative Costs?

If your organization suffers a breach, you will need to investigate the source, nature and extent of the breach to determine its cause and impact.

The per record cost shown is an estimated direct cost of these investigations determined by a proprietary calculation based on the type of information that was involved in the breach, the breach size and whether you have cyber liability coverage. The total is then estimated based on the number of records you indicated.

Note: The numbers displayed above were calculated based on the results from 2019 Ponemon Institute Cost of a Data Breach Report and resources from Travelers Insurance.