Data Breach Cost Estimator
Estimate the financial impact of a data breach from records exposed and per-record cost.
Updated: June 26, 2026
What a data breach actually costs
The headline number after a breach is rarely just the ransom or the fine. The real cost accumulates across detection, notification, legal response and — the biggest piece — lost business from downtime, customer churn and reputational damage. This estimator multiplies the number of exposed records by an average per-record cost, then splits the total across those categories so you can see where the money goes.
How the estimate works
Industry studies (such as IBM's annual Cost of a Data Breach report) track an average cost per exposed record. Multiply that by the number of records and you get a ballpark total. Per-record costs vary widely by sector — regulated industries like healthcare and finance run much higher because of stricter notification rules and higher customer sensitivity — so the tool lets you pick an industry preset or enter your own figure.
The four cost categories
- Lost business — the largest share: downtime, customer churn, and the cost of winning back trust.
- Detection & escalation — forensics, investigation, and assessment.
- Post-breach response — legal fees, regulatory fines, credit monitoring, and help-desk costs.
- Notification — informing affected individuals and regulators.
Use it to justify security spend
A breach estimate is most useful as the "loss" side of a risk decision. If a plausible breach would cost millions, a six-figure investment in prevention is easy to justify. Pair this estimate with our security ROI calculator to turn it into a return-on-investment case, and the ransomware cost calculator for downtime-driven incidents specifically.
Important caveats
This is an illustrative estimate, not a prediction or financial advice. Real breach costs depend on the type of data, your jurisdiction's regulations, contractual liabilities, and how well you respond. Use it to think in the right order of magnitude and to drive a conversation — not as a precise forecast.
Frequently asked questions
How is the breach cost calculated?
It multiplies the number of exposed records by an average cost per record, then breaks the total into four categories: lost business, detection & escalation, post-breach response, and notification.
What is a typical cost per record?
Averages hover around $150–$170 per record, but regulated sectors are far higher — healthcare often exceeds $400 per record. Use the industry preset or your own figure for a closer estimate.
Why is 'lost business' the biggest cost?
Beyond the direct response costs, breaches drive customer churn, downtime and reputational harm. The cost of winning back trust, plus the revenue lost, typically dwarfs the technical cleanup.
Is this an exact figure?
No. It's an illustrative estimate to gauge order of magnitude and justify security investment. Actual costs depend on data type, regulations, and response quality.
Reduce breach risk and cost
The cheapest breach is the one that doesn't happen — or is caught early:
- Managed detection & response (MDR): Cut the 'detection & escalation' window — faster detection is consistently linked to lower breach costs.
- Cyber insurance: Transfer part of the residual financial risk, especially the legal and notification costs after an incident.
Learn more
- What Is GDPR? Fines and Compliance Basics: GDPR in plain English: who it covers, the rights it grants, the two fine tiers (up to 4% of turnover), and where to start. Educational, not legal advice.
- What Is Ransomware? How Attacks Work and What They Cost: How ransomware actually works, why the ransom is often the smallest cost, and the handful of defenses that make the biggest difference.
- What Is a Data Breach? Causes, Costs and Response: What counts as a data breach, the causes behind most of them, why the true cost dwarfs the headline fine, and how to prepare before one happens.
Related tools
- Security ROI (ROSI) Calculator: Compute the return on a security investment from expected loss and mitigation effectiveness.
- Ransomware Downtime Cost Calculator: Estimate the total impact of a ransomware attack from downtime, recovery and ransom.
- GDPR Fine Calculator: Estimate the maximum GDPR penalty from annual turnover and infringement tier.
- Password Policy Generator: Turn your password rules into a written policy plus Linux PAM and Windows config.