What Is a Data Breach? Causes, Costs and Response
By Justin Le
· 7 min read · Updated June 27, 2026

"Data breach" is in the headlines constantly, but what actually counts as one, and why are breaches so expensive? This guide explains the causes, the real costs, and what preparing for one looks like. It's educational background, not legal advice.
What is a data breach?
A data breach is any incident where information is accessed, taken, or disclosed without authorisation. That includes an attacker stealing a customer database, but also an employee emailing a spreadsheet to the wrong person, a lost laptop, or a misconfigured cloud bucket left open to the internet. It doesn't have to involve a hacker: accidental exposure is a breach too.
Common causes
- Stolen or weak credentials. Phished or reused passwords are a leading cause, which is why unique passwords and MFA (ideally phishing-resistant) matter so much.
- Phishing and social engineering. Tricking a person into granting access.
- Unpatched systems. Known vulnerabilities in internet-facing software.
- Misconfiguration. Cloud storage or databases left publicly accessible.
- Insider mistakes or misuse. Accidental sends, or deliberate misuse of access.
- Ransomware with data theft. Modern attacks steal data before encrypting it, so a ransomware incident is usually a breach as well; see what ransomware is.
Why breaches cost so much
The regulatory penalty is only one slice of the cost. Studies consistently find the largest component is lost business (downtime, customer churn and reputational damage), followed by detection, response, legal fees and notification. Regulated data (health, finance) costs far more per record. You can put rough numbers on it with our data breach cost estimator.
A consistent finding: the faster you detect and contain a breach, the less it costs. Speed of response is one of the biggest levers on the final bill.
Notification obligations
Many laws require you to report breaches. Under GDPR, for example, you generally must notify the supervisory authority within 72 hours of becoming aware of a breach (unless it is unlikely to result in a risk to individuals) and, where the risk to individuals is high, notify them as well without undue delay. Other jurisdictions have their own breach-notification rules. Failing to report on time can compound the penalties.
Preventing breaches
- Enforce strong, unique passwords and MFA across the organisation.
- Patch internet-facing systems promptly.
- Encrypt sensitive data at rest and in transit.
- Apply least-privilege access so a single compromised account can't reach everything.
- Train staff to spot phishing.
- Audit cloud configurations for accidental exposure.
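As an added example (not code from the original guide or from the tools it links), here is a small audit that flags the kind of accidental exposure the last item describes. It walks a constructed inventory of bucket records in a simplified shape modelled on S3's Public Access Block settings, ACL grants and bucket policies, and reports grants to anonymous principals. The bucket names, field names and account ID are assumptions for the example; in practice the records would come from your cloud provider's API.

```python
"""Flag object-storage buckets whose ACL or policy exposes data to the internet.

Added example, not code from the original guide. The bucket records below are
constructed sample data in a simplified shape modelled on S3's Public Access
Block settings, ACL grants and bucket policies; field names, bucket names and
the account ID are assumptions for this example, not real API output.
"""

# ACL grantees that mean "anyone": AllUsers is the whole internet and
# AuthenticatedUsers is any AWS account, which is just as public in practice.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"}: a grant to anonymous callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for v in principal.values() for p in _as_list(v))
    return False

def public_statements(policy):
    """Allow statements in a bucket policy whose Principal is anonymous."""
    hits = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow" and principal_is_public(stmt.get("Principal")):
            hits.append({"sid": stmt.get("Sid", "<no Sid>"),
                         "actions": _as_list(stmt.get("Action")),
                         # A Condition (VPC endpoint, source IP, ...) may narrow the
                         # grant; report it anyway so a reviewer checks it by hand.
                         "conditional": "Condition" in stmt})
    return hits

def public_acl_grants(acl):
    """ACL grants to the AllUsers / AuthenticatedUsers groups."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES]

def public_access_block_complete(pab):
    """All four settings on: public ACLs are ignored and public policies blocked."""
    return all(pab.get(k, False) for k in PAB_KEYS)

def audit_bucket(bucket):
    """Return (severity, message) findings for one bucket; empty means clean.

    "exposed": reachable anonymously. "latent": a public grant exists but a
    complete Public Access Block neutralises it (fix it anyway; the block can
    be switched off later).
    """
    blocked = public_access_block_complete(bucket.get("PublicAccessBlock", {}))
    severity = "latent" if blocked else "exposed"
    findings = []
    for grant in public_acl_grants(bucket.get("Acl", {})):
        group = grant["Grantee"]["URI"].rsplit("/", 1)[-1]
        findings.append((severity, f"ACL grants {grant['Permission']} to {group}"))
    for stmt in public_statements(bucket.get("Policy", {})):
        note = " (has a Condition, review manually)" if stmt["conditional"] else ""
        findings.append((severity, f"policy statement {stmt['sid']} allows "
                                   f"{', '.join(stmt['actions'])} to anyone{note}"))
    return findings

def audit_all(buckets):
    """Map bucket name -> findings, for every bucket that has at least one."""
    return {b["Name"]: f for b in buckets if (f := audit_bucket(b))}

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
SAMPLE_BUCKETS = [  # constructed inventory, not real buckets
    {"Name": "customer-exports", "PublicAccessBlock": {},  # no block, world-readable ACL
     "Acl": {"Grants": [{"Grantee": {"URI": ALL_USERS}, "Permission": "READ"}]}, "Policy": {}},
    {"Name": "marketing-site", "PublicAccessBlock": {k: False for k in PAB_KEYS},  # public by policy
     "Acl": {"Grants": []},
     "Policy": {"Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                               "Action": "s3:GetObject", "Resource": "arn:aws:s3:::marketing-site/*"}]}},
    {"Name": "backups", "PublicAccessBlock": {k: True for k in PAB_KEYS},  # same grant, neutralised
     "Acl": {"Grants": []},
     "Policy": {"Statement": [{"Sid": "Legacy", "Effect": "Allow", "Principal": {"AWS": "*"},
                               "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "arn:aws:s3:::backups"}]}},
    {"Name": "internal-logs", "PublicAccessBlock": {},  # scoped to one role: clean
     "Acl": {"Grants": [{"Grantee": {"ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"}]},
     "Policy": {"Statement": [{"Effect": "Allow",
                               "Principal": {"AWS": "arn:aws:iam::123456789012:role/log-reader"},
                               "Action": "s3:GetObject", "Resource": "arn:aws:s3:::internal-logs/*"}]}},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_BUCKETS).items():
        for severity, message in findings:
            print(f"{severity:8}{name}: {message}")
```

Run against the sample inventory, the audit reports customer-exports and marketing-site as exposed, backups as latent, and nothing for internal-logs. A bucket such as marketing-site may be public on purpose; the point of the check is that every anonymous grant is looked at by a person rather than discovered by an attacker.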
Responding to a breach
- Contain: isolate affected systems and cut off the attacker's access to stop the spread.
- Assess: determine what data was involved, how it was reached, and whether it is still exposed.
- Notify: meet your legal reporting deadlines.
- Remediate: close the gap that was used, and rotate credentials and keys that may have been exposed.
- Review: learn from the incident and harden against a repeat.
Make the case for prevention
Prevention is far cheaper than response. Use the breach cost estimator as the "loss" side and the security ROI calculator to justify investing in controls before an incident, not after.
Frequently asked questions
What counts as a data breach?
Any unauthorised access, theft or disclosure of information, whether that's an attacker stealing a database, an employee emailing data to the wrong person or a misconfigured cloud bucket. It doesn't require a hacker.
What is the biggest cost of a data breach?
Lost business (downtime, customer churn and reputational damage) typically outweighs the direct response and notification costs. Faster detection and containment significantly reduce the total.
Do I have to report a data breach?
Often, yes. Laws like GDPR require notifying the regulator (generally within 72 hours) and sometimes affected individuals. Requirements vary by jurisdiction, and late reporting can increase penalties.
Try the related tools
- Data Breach Cost Estimator: estimate the financial impact of a data breach from records exposed and per-record cost.
- Security ROI (ROSI) Calculator: compute the return on a security investment from expected loss and mitigation effectiveness.
- Ransomware Downtime Cost Calculator: estimate the total impact of a ransomware attack from downtime, recovery and ransom.
Related guides
- What Is GDPR? Fines and Compliance Basics: GDPR in plain English, covering who it applies to, the rights it grants, the two fine tiers (up to 4% of global annual turnover), and where to start. Educational, not legal advice.
- What Is Ransomware? How Attacks Work and What They Cost: how ransomware actually works, why the ransom is often the smallest cost, and the handful of defences that make the biggest difference.
- Security ROI: How to Justify a Security Budget: how to turn "we should invest in security" into a number leadership respects, using the ROSI model, with the inputs and pitfalls explained.