Updated June 2026 · IBM CODB 2025 · Ponemon 2025 · PagerDuty 2024

What does a business incident actually cost?

$4.44M
Average data breach cost
IBM CODB 2025
$1.53M
Avg ransomware recovery
Sophos 2025 (excl. ransom)
$794K
Average P1 IT incident
PagerDuty 2024

This site documents what every type of business incident costs, and why. Vendor-neutral, fully cited, updated with 2025 data.

See the 2026 Incident Cost IndexHow costs are calculatedLooking for a calculator? Try incidentcostcalculator.com
MTTR uplift ROI

What is one hour off your MTTR actually worth?

Type your incident profile. Then tick the investment levers you'd consider. We'll model the year-1 and 3-year net result.

incidents
hours
$USD
Investment levers

2026 Incident Cost Index

See full index

A consolidated reference table aggregating per-incident costs across all major incident types. No other resource publishes this cross-category view.

Incident TypeAvg Cost Per IncidentYoY ChangeSource
Data breach (global)$4.44M-9%IBM CODB 2025
Data breach (US)$10.22M+9%IBM CODB 2025
Ransomware (recovery, excl. ransom)$1.53M-44%Sophos 2025
Insider threat (credential theft)$779K+15%Ponemon 2025
P1 IT incident$794Kn/aPagerDuty 2024

Showing 5 of 17 rows. View complete index.

Browse by Incident Type

Every major category of business incident documented with cost data, cost components, and industry comparisons.

Data BreachHIGH
$4.44M avg
RansomwareHIGH
$1.53M recovery
Insider ThreatMED
$779K/incident
Service OutageMED
$794K/P1
DDoS AttackMED
$120K-$2M
Supply ChainHIGH
$4.76M avg
Compliance ViolationVARIES
4% global revenue
Data LossMED
$150-$200/record

How Incident Cost Is Calculated

Incident cost is not just the ransom payment or the downtime bill. It has four components, all of which compound:

1
Direct Costs
Forensics, remediation, system rebuild, legal retainer, PR agency, notification.
2
Revenue Loss
Customer-facing downtime revenue per hour times outage duration, plus lost contract revenue and customer churn.
3
Productivity Loss
Affected employees times fully loaded hourly cost times hours lost. Averages $100-$125/hr for senior staff.
4
Second-Order Costs
Regulatory fines, legal settlements, credit monitoring for victims, reputation damage, and insurance premium increases.
Full methodology and worked examples

Cost by Industry

Full breakdown
IndustryAvg Breach CostRansomware RiskKey Regulatory Exposure
Healthcare$7.42MHighHIPAA
Finance$5.56MVery HighGLBA/SEC
Technology$4.79MHighReputational
Retail$3.54MModeratePCI DSS
Public Sector$2.86MModerateOperational

Source: IBM Cost of a Data Breach Report 2025. Showing top 5 industries by breach cost.

Cost by Company Size

Full breakdown
SMB (<100 employees)
$120K-$1.24M

60%+ of SMBs that suffer a major incident close within 6 months. Fixed forensics and legal costs hit small orgs disproportionately.

Mid-Market (100-1000)
$2.5M-$4M

Rising target profile, under-resourced security teams relative to enterprise. Regulatory exposure increasing as they hold more regulated data.

Enterprise (1000+)
$4.44M-$10.22M

US enterprises average $10.22M per breach. Cross-subsidiary blast radius and board-level regulatory scrutiny multiply costs.

Incident Response Firm Pricing

All IR firms

The named DFIR firms publish almost no pricing. These reference pages triangulate emergency hourly rates, retainer fees, and minimum engagement sizes from public data sheets, RFP responses, and breach disclosures.

Mandiant (Google Cloud)
Tier-1 DFIR, M-Trends authors
CrowdStrike Services
Falcon-integrated IR + retainer
Kroll
Cyber risk retainer, breach notification
Coveware
Ransomware negotiation specialist
Unit 42 (Palo Alto)
IR + proactive retainer
Arctic Wolf
MDR with IR included

Frequently Asked Questions

How much does a business incident cost on average?
A business incident costs anywhere from $794,000 for an average P1 IT outage (PagerDuty 2024) to $4.44M for a data breach globally and $10.22M in the US (IBM Cost of a Data Breach 2025), with ransomware recovery averaging $1.53M excluding ransom (Sophos State of Ransomware 2025) and an insider credential-theft incident $779,000 (Ponemon 2025). The figure depends on incident type, industry, and company size.
What is the most expensive type of security incident?
US data breaches are the most expensive common incident at $10.22M (IBM Cost of a Data Breach 2025), followed by supply-chain compromises at $4.76M and the $4.44M global breach average. Ransomware recovery averages $1.53M excluding ransom (Sophos State of Ransomware 2025), with a ransom payment of a median $325,000 to $1M added where the victim pays, plus downtime, legal, and notification costs on top.
What are the four components of incident cost?
Incident cost has four components that compound: (1) direct costs (forensics, remediation, legal retainer, PR, notification), (2) revenue loss from customer-facing downtime, (3) productivity loss from staff diverted to response, and (4) second-order costs (regulatory fines, settlements, credit monitoring, reputation damage, and higher insurance premiums).
How much does incident response cost per hour?
Emergency incident response costs $800-$1,500 per hour from top-tier DFIR firms with no retainer in place, dropping to $175-$400 per hour once a retainer is active. Annual IR retainers run $10,000-$100,000 per year, and a typical mid-market engagement totals $25,000-$500,000 depending on scope and duration.
IncidentCost.com is an independent educational resource. All cost figures are drawn from published industry research including IBM's Cost of a Data Breach Report, Ponemon Institute Cost of Insider Risks Report, Verizon Data Breach Investigations Report, Atlassian incident management research, and PagerDuty incident surveys. This site is not affiliated with IBM, Ponemon Institute, Verizon, Atlassian, PagerDuty, or any security vendor. Figures are for educational and planning purposes only.