Cyber Breach Cost Calculator

Understanding the potential cost of a cyber breach is critical for any organisation. While most businesses recognise that incidents carry financial, regulatory, and reputational consequences, the true scale of impact is often underestimated. Breaches affect not just IT systems but also people, processes, and—particularly in operational environments—production, safety, and even public trust.

This calculator is designed to give you a personalised estimate of what a cyber incident could cost your organisation. By combining industry research with your own inputs—such as the number of records you hold, your sector, your security maturity, and whether you operate in critical infrastructure—we can model a cost that reflects both direct and indirect impacts. For OT and CNI sectors, the calculator expands to include production downtime, safety or environmental consequences, and equipment damage.

The result is not a quotation or insurance figure, but a structured way to visualise the risks and potential financial exposure specific to your organisation. It also highlights the key levers that influence cost: the size of your environment, your readiness to detect and contain incidents, and the complexity of your operations.

For those who want to explore further, the calculation logic and references to the underlying research can be found below the calculator. This ensures complete transparency and allows you to trace every assumption back to independent data sources.

Cyber Breach Cost Calculator

Estimate likely breach costs in GBP (£) using research-based defaults. Choose an IT industry preset or expand the OT/CNI section for operational scenarios. USD inputs converted at ~£0.78 per $1.

Industry preset (IT/data-breach oriented)

These presets adjust per-record and business interruption defaults; you can still edit any field.

Number of records affected

Per-record remediation cost (£)

Default from $165 × 0.78 ≈ £129

Notification per record (£)

Credit monitoring per record (£)

Business interruption per day (£)

Lost revenue/operational impact per day (IT side)

Detection / recovery days

Supply-chain compromise uplift

Shadow IT / AI uplift

Security maturity reduction

Regulatory fines (£)

Operational Technology (OT) / CNI — click to expand

OT/CNI vertical preset

Selecting a preset toggles OT mode. The OT interruption model will replace the generic business-interruption line below.

OT production downtime cost per hour (£)

Revenue loss + variable costs + penalties per hour

OT downtime (hours)

Safety / environmental contingency (£)

e.g., spill response, remediation, third-party claims

Physical equipment damage (£)

Regulatory penalties (OT) (£)

Critical safety impact uplift

Tip: If OT mode is active, the calculator uses OT hourly × hours instead of generic per-day downtime × days to avoid double counting.

How the calculation works

The calculator takes into account both direct breach costs (such as notification, credit monitoring, and regulatory fines) and indirect costs (like business interruption, production downtime, and reputational damage). At its core, the model multiplies the number of records affected by average per-record costs, then adjusts the total up or down depending on your environment:

Per-record costs are based on industry studies, which consistently place the average around £129 per record (converted from the global $165 figure).
Notification and credit monitoring costs are added on a per-record basis.
Supply chain or shadow IT/AI exposure increases the cost, reflecting the higher likelihood of complex, harder-to-remediate incidents.
Security maturity can reduce the cost if strong measures such as encryption, SIEM, or threat intelligence are in place.
Business interruption is estimated as a daily or hourly loss depending on whether you select IT or OT/CNI mode.
OT/CNI sectors add further components for downtime per hour, safety or environmental contingencies, physical equipment damage, and potential regulatory penalties.

The total figure should be read as an indicative risk exposure, not a definitive quote. It shows the magnitude of potential costs and which levers make the biggest difference for your organisation.

References:

This calculator draws on recognised, publicly available research into the cost of cyber breaches, including:

IBM Cost of a Data Breach Report (2023–2025), which provides global averages and industry breakdowns.
UK Government Cyber Security Breaches Survey (2024) for UK-specific figures.
NetDiligence Cyber Claims Study (2024) analysing thousands of real insurance claims.
Coveware Ransomware Reports (2024–2025) for ransom payment data and incident response trends.
Hiscox Cyber Readiness Report (2024) for SME-focused loss data.
Coalition Cyber Claims Report (2025) covering frequency and severity by sector.
ENISA Threat Landscape reports for context on the drivers of cyber incident costs.
Supplementary insights from research by Howden, Pentera, and industry sources on downtime, shadow IT, and supply chain exposure.