
Data Breach Cost Calculator

The 2024 IBM Cost of a Data Breach report puts the global average at $4.88M per breach and $169 per record — but healthcare, financial services, and pharma run dramatically higher. This tool estimates your exposure based on record volume and industry, breaking out detection/escalation, notification, response, and lost-business cost categories.

Use PII records — not log lines.
Estimated total breach cost: $12.25M
50,000 records × $245 per record (Technology / SaaS). Industry baseline avg breach: $5.14M.
Detection & escalation (31%): $3.80M
Notification (6%): $735K
Ex-post response (25%): $3.06M
Lost business (38%): $4.66M

How this is calculated

IBM Cost of a Data Breach Report 2024: Global average $4.88M, US average $9.36M, healthcare $9.77M (14th straight year as highest).
IBM/Ponemon per-record costs 2024: Healthcare $408, financial $268, pharmaceuticals $258, energy $251, industrial $245.
Verizon DBIR 2024: Breach cost categories: detection/escalation, notification, ex-post response, lost business.

Things people get wrong

Real enforcement examples

Equifax: $700M+. Largest consumer-data settlement in US history — Apache Struts patch ignored for 76 days.
Target: ~$202M. HVAC vendor credentials → 40M payment cards + 70M customer records.
Anthem Inc.: $16M. Largest HIPAA settlement in history — 78.8M records breached.

FAQ

Which industry has the highest breach costs?
Healthcare — $9.77M average breach cost in 2024, the 14th consecutive year as the most expensive industry. Financial services ($6.08M) and industrial ($5.56M) follow.
Does this include regulatory fines?
Partially. IBM's per-record cost includes some post-breach response (notification, legal, ex-post audits) but does NOT include criminal penalties, full civil judgments, or share-price impact. Add 20-40% for fully-loaded board-deck numbers.
How can we reduce our estimated breach cost?
Three biggest reductions per IBM 2024: AI/ML-driven security automation (-$2.22M), incident response team + tested IR plan (-$248K), and DevSecOps integration (-$252K). Most are downstream of the controls covered in a ComplianceIQ audit.
