CalcCafe

Data Breach Cost Calculator

Estimate what a data breach could cost your organization — combining per-record exposure, business downtime, and fixed response costs into one figure.

Reviewed by the CalcCafe editorial team · Last updated 1 July 2026 · How we test our tools

Estimated total breach cost
$0
Per-record cost
-
Downtime cost
-
Fixed costs
-

Estimate only, not security or financial advice. Based on records × cost/record + downtime × hourly loss + fixed costs.

Example

A breach exposing 10,000 records at $165 per record costs $1,650,000 in record-level impact. Add 24 hours of downtime at $5,000/hour ($120,000) plus $50,000 in fixed response costs, and the estimated total lands at $1,820,000.

How it works

Total cost = (records exposed × cost per record) + (downtime hours × hourly loss) + fixed response costs. The per-record component reflects detection, notification, legal and remediation spend spread over each exposed record, while the downtime component captures lost revenue and productivity during the outage.

Good to know

Putting a dollar figure on a data breach is hard because the damage arrives in waves — an immediate scramble to contain and investigate, then notification and legal work, and finally the slower bleed of lost customers and reputational harm. This tool keeps the model deliberately simple: it multiplies the number of exposed records by an average cost per record, adds the business impact of downtime, and tops it off with the fixed costs you already know you will incur, such as forensic consultants or a public-relations retainer.

The default of $165 per record echoes the kind of per-record figures published in industry breach-cost studies. That number is an average across industries, and yours may differ substantially: healthcare and financial-services records typically cost far more to remediate because of regulatory penalties and the sensitivity of the data, while a leak of low-value marketing emails may cost much less. Adjust the per-record input to match your sector rather than treating the default as gospel.

Downtime is often the most overlooked line item. If a ransomware event takes critical systems offline, the hourly cost of halted operations, idle staff, and missed transactions can rival or exceed the record-level costs. Estimate your hourly loss honestly — include revenue you cannot recover, not just payroll — and multiply by a realistic recovery window, which for serious incidents is frequently measured in days rather than hours.

Treat the output as a planning estimate to size your cyber-insurance coverage, justify security spending, or run tabletop scenarios — not as an actuarial prediction. Real breach costs depend on regulatory jurisdiction, contractual liabilities, and how prepared your incident-response team is on day one.

Frequently asked questions

What does cost per record actually include?
It bundles the many small costs tied to each exposed record: detection and forensics, customer notification, credit monitoring, legal and regulatory response, and lost business. Industry studies often cite averages around $160–$170, but regulated sectors like healthcare run much higher.
Why is downtime a separate input?
Record-level costs and operational downtime scale differently. A breach can expose few records but still cripple operations, or expose millions with little outage. Splitting them lets you model your specific incident more accurately.
Is my data uploaded anywhere?
No — this calculator runs entirely in your browser. Your inputs never leave your device, and it works offline once loaded.
Is this calculator free?
Yes, completely free with no sign-up and no limits.

People also ask

How much does a data breach cost on average?
Industry reports put the global average total breach cost in the millions of dollars, driven largely by a per-record cost commonly cited near $165. Your figure depends on records exposed, your sector, and how long systems stay down.
How do you calculate the cost of a data breach?
A common approach multiplies the number of exposed records by an average cost per record, then adds the cost of operational downtime and any fixed response expenses like forensics and legal fees. This tool does exactly that.
What is the most expensive part of a data breach?
For many organizations, lost business and downtime dominate — customers leave and operations stall — while for regulated data, notification and regulatory penalties can be the largest single component.

Related calculators

Sources & references

Estimate only, not security, legal, or financial advice. Actual costs vary by jurisdiction, industry, and incident.

These tools follow our methodology and provide educational estimates only — verify important figures with a qualified professional.