Skip to main content

Request SaaS Deployment

Contact Sales

Data Protection

How to Calculate the Cost of a Data Breach


A data breach isn’t just a concern for cybersecurity officers anymore. Entailing costly remediation activities and reputational damage, a data breach becomes a complex financial issue for the whole business. Reducing the risk of a data breach can save your company millions of dollars in addition to saving your reputation and client loyalty.

The best way to reduce the cost of a possible data breach is to learn about how breaches happen. In this article, we answer the question What is the average cost of a data breach? We also consider cost-forming factors, cover the most common types of data breaches, and give some tips for protecting your organization from a data breach.

What is a data breach?

As defined by NIST, a data breach is “an incident that involves sensitive, protected, or confidential information being copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.”

Data breaches usually affect financial, medical, or personally identifiable information of individuals and organizations. A leak of such sensitive information can lead to numerous financial losses in the form of fines and penalties, remediation costs, loss of potential profits, etc. Even more alarmingly, the average total cost of a data breach keeps growing year after year.

Average total cost of a data breach, in millions USD

Because of the sudden switch to remote work in 2020, the security posture of many organizations was weakened. Malicious actors saw it as an opportunity to attack, and that’s why the number of data breaches increased rapidly in 2020 and 2021. By October 2021, 1,291 data breaches had been reported for the year to date compared to 1,108 breaches reported during the whole of 2020 according to the 2021 Q3 Data Breach Analysis by the Identity Theft Research Center.

Which industries suffer the most from data breaches?

The Ponemon Institute in its 2021 Cost of a Data Breach Report analyzed data from 537 organizations around the world that had suffered a data breach. They found that healthcare, financial, pharmaceutical, technology, and energy organizations suffered the costliest data breaches.

5 industries with the highest average cost of a data breach

What causes data breaches?

The primary motivators of hackers and malicious insiders are financial gain and corporate espionage. Less common goals are hacktivism, revenge on the company, and government espionage. The five most common causes of data breaches are the following:

1. Hacking. Organized crime is the most widespread cause of data breaches according to the Verizon 2021 Data Breach Investigation Report [PDF]. Hackers aim to steal sensitive data and either sell it or use it for their own benefit. The most common methods of hacking include DDoS attacks, credential theft, use of backdoors, command and control attacks, and brute forcing.

2. Social engineering. This type of malicious activity is aimed at obtaining user credentials without hacking. Common forms of social engineering are phishing, email compromise, phone calls, and pretexting. During the COVID-19 pandemic, social engineering became so frequent that the FBI and Interpol issued recommendations on recognizing and protecting against such attacks.

Recognizing social engineering is more challenging than it seems. In real-world phishing simulations conducted by Terranova Security, 67% of users submitted their credentials to phishing forms.

3. Malware. Malicious software like ransomware, spyware, Trojans, and downloaders help cybercriminals obtain sensitive data or credentials of trusted user accounts. Malware can be delivered to a user’s computer via an email, messenger, compromised website, or compromised device. Once inside the protected infrastructure, malware masks itself from security tools and does its dirty work.

4. Human errors. Inadvertent actions like sending an email to the wrong recipient or uploading data to public cloud storage can also cause a data breach. You can’t control or predict human errors in cybersecurity, but a single unintentional error can cost a fortune to fix. Detecting such a breach and protecting your company from human errors are two of the hardest cybersecurity tasks.

5. Insider attacks. This type of attack is caused by a user with legitimate access to an organization’s sensitive data: a disgruntled employee, third-party vendor, or inside agent. Whether an insider has malicious intent or harms an organization out of negligence, their actions are usually more dangerous than those of external threat actors. Insiders know exactly what data they can obtain, and they already have access to the organization’s network.

Detecting an insider attack is challenging because insiders usually know which security tools are deployed in an organization. Their deeds can stay unnoticed and silently harm the organization for a long time. That’s why 95% of organizations feel vulnerable to insider attacks according to the 2020 Insider Threat Report [PDF] by Cybersecurity Insiders.

5 industries with the highest average cost of a data breach

What are the most damaging data breaches of 2021?

The cost of a data breach greatly depends on the number of compromised records. That’s why for organizations that manage vast amounts of sensitive data, a breach can cost way more than the average $4.24 million. According to the Ponemon Institute’s 2021 Cost of a Data Breach Report, breaches that affect from 1 to 10 million records cost $52 million on average. Let’s take a look at cybersecurity incident examples from 2021 that cost even more than that.

The British Airways case is a textbook example of a company that has suffered from a single data breach for years. In 2018, hackers stole the personal records of 429,000 British Airways customers and employees. After a complex investigation, in 2020, the company was fined £20 million (≈ $27 million) for its insufficient data protection system. Today, it faces an £800 million (≈ $1 billion) class action lawsuit from data breach victims.

Improper management and sharing of sensitive data can also be considered a data breach and lead to costly penalties. In September 2021, the Irish Data Protection Commission found security violations in the way WhatsApp processes user data and shares it with other companies. That is a serious GDPR violation that led to a €225 million (≈ $266 million) fine for WhatsApp.

But data breaches can do more damage than creating a hole in a company’s budget. Sometimes, it’s impossible to put a price tag on a hazardous breach. In 2021, the Dallas police suffered from a negligent insider attack that could put people in danger. A city IT manager accidentally deleted 22 terabytes of data while transferring them to a new server.

The deleted data contained evidence that the Dallas County District Attorney’s Office needed to investigate criminal cases. Because of a lack of evidence, they had to release a murder suspect just before trial. Later, Dallas City Hall managed to restore part of the lost records and reinstate the murder trial.

5 Real-Life Examples of Breaches Caused by Insider Threats

What determines the cost of a data breach?

Determining the costs of a data breach involves calculating several major components:

  • Direct costs are the expenses for dealing with a detected breach. This includes the costs of forensic activities and information security investigation, fines, and compensation to affected parties.
  • Indirect costs are connected with the time, effort, and other resources necessary to cover losses from the data breach. Indirect costs include expenses for communications regarding the status and effects of the breach; issuing new accounts, credit cards, and credentials; and lost revenue from system downtime.
  • Lost opportunity costs account for lost business opportunities as a consequence of reputational harm. For example, a breach can lead to a loss of potential customers, a shortfall in profits due to loss of reputation, or a loss of competitive advantage on the market.
3 types of breach-related expenses

The cost of a data breach is influenced by every action your company takes and even by your company’s location. The average total cost of a data breach in the United States in 2020 was $9.05 million, whereas in Germany it was $4.89 million, and in Australia it was $2.82 million.

Cybersecurity Breaches Caused by Insiders: Types, Consequences, and Ways to Prevent Them

What factors form the cost of a data breach?

Each data breach does a different amount of damage and needs to be handled in a different way. That’s why no data breach cost calculator can be pinpoint accurate when estimating the damage of a hypothetical incident. However, a calculator can give you a general understanding of cost components.

In their 2021 Cost of a Data Breach Report, the Ponemon Institute highlights the following key factors for estimating the cost of a data breach:

Type of affected dataCompromising records of customers’ PII, intellectual property, and other sensitive data cost the most — $180, $169, and $165 per record respectively.
Number of affected peopleEach person affected by the breach needs to be compensated.
Previous history of security incidentsHIPAA, PCI DSS, and other cybersecurity laws, standards, and regulations enforce stricter punishment for organizations that suffer from more than one breach during a given year.
Attack vectorSome attack vectors provide malicious actors with more ways to harm an organization than others. On average, the most expensive attack vectors are business email compromise ($5.01 million), phishing ($4.65 million), and insider activity ($4.61 million).
Duration of the breachBreaches that are detected and remediated in less than 200 days on average cost a third less than breaches that last over 200 days.
Incident response team activityOrganizations that have both an incident response team and incident response plan in place spend $3.25 million on an average breach. Organizations without them spend $5.71 million on average.
Implementation of a zero trust approachA zero trust approach to security reduces the attack surface for malicious actors. If it isn’t implemented, an organization pays on average $5.04 million. With a mature zero trust model, the cost of an average data breach goes down to $3.28 million.
Security automation and artificial intelligence (AI)Leveraging AI and automation helps to stop a security incident at the early stages, reducing remediation costs from an average of $6.71 million to $2.90 million.
Data encryptionEncrypting data makes it a lot more challenging for hackers to benefit from a breach. Organizations that apply high encryption standards spend on average $3.62 million on data breach remediation; those who don’t spend $4.87 million on average.
Complexity of the cybersecurity systemOrganizations with more tools, systems, devices, and users saw an average cost of a security breach of $5.18 million, compared to $3.03 million for organizations with low system complexity.
Use of a cloud environmentCompanies that rely on public clouds pay $4.80 million for an average data breach. Those who choose private clouds pay $4.55 million on average, and those who go with hybrid environments pay an average of $3.61 million.
Involvement of remote usersIn 2020, telecommuting became a major factor that increases the cost of a data breach: incidents that involve remote work cost an average of $4.96 million, while incidents that don’t cost an average of $3.89 million.

As you can see, handling a data breach is a challenging and costly process. The good news is that you can prepare for a data breach, mitigate possible damage, and reduce your expenses. To do so, you need to reinforce your cybersecurity system with the most efficient tools and practices. But remember not to overdo it — because, as we mentioned earlier, an over-complicated security system can increase the cost of a data breach instead of decrease it.

6 practices to reduce the risk of data breaches

Let’s take a look at must-have security measures to mitigate the risk of a data breach and ways you can detect a breach with Ekran System:

6 steps to reduce the cost of a data breach

1. Assess your security risks

Before you start improving your cyber defenses, it’s a good idea to find out what can harm your organization the most. To do that, you can conduct a risk assessment — a practice that helps you identify:

  • Sensitive data
  • Threats to an organization
  • The potential impact and likelihood of those threats
  • Business risks posed by these threats

While conducting a risk assessment, it’s useful to analyze known data breaches in your industry and the history of security incidents in your organization. For the latter, you can study user activity records, a list of triggered alerts, and reports on security events that Ekran System can provide. All of these sources will provide you with useful insights into past incidents and their impact.

Insider Threat Risk Assessment: Definition, Benefits, and Best Practices

2. Form an incident response team

Forming a threat response team and implementing an incident response program can reduce the average cost of a data breach by 41%. However, preparing an efficient team requires considerable effort.

An incident response team includes employees that start remediating damage from the data breach when it occurs. They need to analyze the incident, gather evidence, take needed recovery measures, notify affected parties, etc.

To be able to respond to incidents quickly and efficiently, the team should consist of specialists from various departments: IT, legal, security, communications, customer service, executive management. The threat response team also requires relevant cybersecurity training, the authority to act decisively, and the opportunity to prepare incident response plans for various breach scenarios in advance.

Data Breach Response and Investigation: 7 Steps for Efficient Remediation

3. Deploy security threat detection tools

Threat detection time plays a crucial role in forming the cost of a data breach. The more time a malicious actor can spend with an organization’s data, the more damage they can inflict. The most efficient way to detect security threats in a fast manner is by deploying dedicated software that monitors activity in your network and notifies you of any odd and risky actions.

Ekran System helps you detect a breach in real time and respond to it fast. It continuously monitors user activity across your protected perimeter. When a user violates a security rule, Ekran System sends an alert to a responsible security officer. The officer can then review the user session online, determine whether the user’s actions threaten the organization’s security, and block the user or process if needed.

To make the incident response even faster and more efficient, you can configure Ekran System to block suspicious activities automatically.

User Activity Monitoring

4. Leverage AI for cybersecurity tasks

Implementing AI capabilities brings security threat detection to another level. AI allows security officers to act preventively against potential threats, reducing the average cost of a breach from $4.79 million to $3.30 million according to the Ponemon Institute.

AI is at the core of user and entity behavior analytics (UEBA) solutions that analyze daily user activities, create a baseline of user behavior, and spot any changes and unusual actions. UEBA solutions can also assess threats for security officers by analyzing each user activity and calculating a risk score for it. A UEBA tool can detect sophisticated data breaches caused by:

  • User account compromise
  • Credential leaks
  • Insider activity

For example, Ekran System’s UEBA module notices when a user logs in to their account outside usual working hours. This can be a sign of an insider threat or a hacking attempt.

7 Cybersecurity Challenges to Solve with a UEBA Deployment

5. Implement the zero trust approach

As the name suggests, the zero trust approach to cybersecurity assumes that no user or entity in your system should be trusted. Users should be able to access only the resources they need for their work routines. Additionally, before providing a user with access to resources, you should verify their identity.

This approach helps to significantly reduce the attack surface in case a user goes rogue or their account is compromised. That’s why organizations with a mature zero trust architecture in place can lower the average cost of a data breach to $3.28 million according to the Ponemon Institute.

You can implement the zero trust approach by leveraging Ekran System’s identity and access management capabilities. With multi-factor authentication, it’s easy to confirm the identity of the person trying to log in to a user account.

Moreover, you can configure a user’s access rights using:

  • A role-based access model
  • Time-based access to sensitive resources
  • Manual access approval
  • Auto-generated one-time passwords
  • And other methods

Privileged Access Management

6. Protect remote connections

The need to switch to remote work has reduced the effectiveness of organizations’ IT defenses by 27% according to Cybersecurity in the Remote Work Era: A Global Risk Report [PDF] by the Ponemon Institute. Telecommuters work outside of the traditional cybersecurity environment, use unprotected devices, and connect to unsecured public networks. All of that creates additional security risks. That’s why a data breach that involves remote workers costs an average of $1 million more than a data breach that doesn’t involve remote workers according to the Ponemon Institute.

Here’s what you can do to mitigate security risks caused by remote connections:

  • Secure connections to sensitive resources with a VPN
  • Make sure remote employees use protected devices and software
  • Deploy Ekran System to monitor the activity of telecommuters
  • Configure Ekran System to limit access to sensitive data and verify a user’s identity upon each connection

Remote Employees: How to Manage Insider Risks


The cost of a data breach depends on a great number of factors. And you can’t precisely estimate how much a data breach could cost your company because every breach is unique.

The only way to prevent a breach or reduce the cost of dealing with its consequences is by building a 360-degree security system. Ekran System provides you with useful tools to do that. With user activity monitoring, access management, alerts on security incidents, and a UEBA module, you’ll be able to detect and stop a security breach instead of paying millions of dollars to mitigate the consequences.

Request a free trial of Ekran System to start improving your security today!



See how Ekran System can enhance your data protection from insider risks.