How to Calculate Data Breaches
The cost of a data breach is shaped by multiple direct and indirect factors that together determine the financial, operational, and reputational impact on an organization. These costs can vary greatly depending on the industry, the size of the organization, and how well prepared it is to respond. A small HVAC business barely notices a breach and loses nothing but the cost of the owners’ time. A high-end clothing store loses hundreds of thousands from not making sales for a day. A hospital may have huge fines due to data exfiltration.
Each year, IBM publishes its Cost of a Data Breach Report, which analyzes data from companies and organizations in different sectors to estimate the cost of a data breach per record. It also analyzes data breach trends and the factors that mitigate or increase the cost of a data breach. Another interesting analysis of data breaches published every year is Verizon’s “Data Breach Investigations Report” (DBIR), which analyzes the origin and main actors in a data breach for different sectors, among other points. The following interesting conclusions, among others, can be drawn from the data in these reports:
- The cost of a data breach had the largest increase in 2021 from $3.86M in 2020 to $4.24M in 2021.
- The cost per record increased 10.3% from 2020 ($146 per record) to 2021 ($161 per record), increasing from 14.2% in 2017.
- The Top 5 countries/regions with the highest cost per breach are: USA, Middle East, Canada, Germany and Japan.
- By sector, Healthcare is the most affected over the last 11 years, increasing by 29.5% from 2020 to 2021. It is followed in the Top 5 by Finance, Pharmaceuticals, Technology and Energy.
What Are the Top Causes of Data Breaches?
- Human Error
Examples include sending sensitive information to the wrong person, misconfiguring security settings, or losing devices containing confidential data.
- Phishing and Social Engineering
Cybercriminals often use deceptive emails, messages, or phone calls to trick employees into revealing login credentials or downloading malicious attachments.
- Weak or Stolen Passwords
Using weak, reused, or default passwords makes it easy for hackers to gain unauthorized access.
- Malware and Ransomware
Malware (malicious software) and ransomware attacks are major causes of data breaches.
- Insider Threats
Employees, contractors, or partners with legitimate access to systems can intentionally or unintentionally cause breaches.
- Unpatched Software and System Vulnerabilities
Hackers exploit known vulnerabilities in outdated or unpatched software to gain entry.
- Misconfigured Cloud Services
Cloud misconfigurations, such as leaving storage buckets or databases publicly accessible, are a growing cause of data breaches.
- Third-Party Vendor Compromise
If third parties lack strong cybersecurity measures, attackers can exploit them as weak links to access larger networks.
- Physical Theft or Loss of Devices
Lost or stolen laptops, smartphones, and USB drives containing unencrypted data can lead to breaches.
- Advanced Persistent Threats (APTs)
APTs are long-term, highly targeted attacks conducted by organized cybercriminals or state-sponsored groups.
Key Factors that Form the Total Cost of a Data Breach
1. Direct Costs
These are immediate, measurable financial expenses incurred due to the breach.
Detection and Escalation
- Forensic and investigative activities
- Assessment and audit of systems
- Crisis management and breach response team costs
- Communication with regulators or law enforcement
Notification
- Notifying affected individuals and authorities
- Setting up call centers or customer support for inquiries
- Legal and regulatory documentation and compliance requirements
Containment and Recovery
- Securing compromised systems and restoring operations
- Rebuilding IT infrastructure and applications
- Patch management and new security implementations
- Hiring external cybersecurity firms for remediation
2. Indirect Costs
These are longer-term or less tangible costs that can still have major financial implications.
Lost Business
- Customer churn (loss of existing customers due to loss of trust)
- Reduced acquisition of new customers
- Downtime or disruption in services leading to lost sales
- Reputational damage affecting future revenue
Reputational Damage
- Decline in brand value and public trust
- Negative media coverage and social backlash
- Impacts on stock price and investor confidence
Legal and Regulatory Penalties
- Fines for non-compliance with data protection laws (e.g., GDPR, HIPAA, CCPA)
- Class-action lawsuits or settlements with affected individuals
- Contractual penalties from business partners
3. Post-Breach Response and Prevention
These are investments made after the breach to prevent recurrence and rebuild trust.
- Security upgrades and infrastructure improvements
- Cybersecurity training for employees
- Investment in monitoring tools and incident response systems
- Engagement with PR or marketing firms for image repair
- Customer compensation (credit monitoring, identity theft protection)
4. Contextual Factors That Influence Total Cost
Certain variables significantly affect the magnitude of a breach’s financial impact:
| Factor | Impact |
| --- | --- |
| Industry | Heavily regulated sectors (healthcare, finance) face higher costs. |
| Type of Data Compromised | PII (personally identifiable info) and financial data cost more than non-sensitive data. |
| Number of Records Breached | Costs scale with the number of affected records. |
| Incident Response Preparedness | Companies with incident response plans and teams lower total costs. |
| Use of AI and Automation in Security | Faster detection and response reduce overall breach impact. |
| Third-Party Involvement | Breaches caused by vendors or partners often increase complexity and cost. |
| Time to Identify and Contain | Longer detection and containment times correlate with significantly higher costs. |
Conclusion
Calculating the cost of a data breach is not merely a technical exercise but a multidimensional process involving quantitative, qualitative, financial, and regulatory assessments. It requires identifying the scope of compromised data, evaluating its sensitivity, determining associated costs, and factoring in detection and containment times. By adopting standardized models and leveraging modern cybersecurity tools, organizations can more accurately estimate the impact of breaches, improve their response strategies, and mitigate future risks. Ultimately, effective breach calculation is an essential step toward building a resilient digital infrastructure in an increasingly interconnected world.