What does a business incident actually cost?
This site documents what every type of business incident costs, and why. Vendor-neutral, fully cited, updated with 2025 data.
What is one hour off your MTTR actually worth?
Type your incident profile. Then tick the investment levers you'd consider. We'll model the year-1 and 3-year net result.
2026 Incident Cost Index
See full indexA consolidated reference table aggregating per-incident costs across all major incident types. No other resource publishes this cross-category view.
| Incident Type | Avg Cost Per Incident | YoY Change | Source |
|---|---|---|---|
| Data breach (global) | $4.44M | -9% | IBM CODB 2025 |
| Data breach (US) | $10.22M | +9% | IBM CODB 2025 |
| Ransomware (recovery, excl. ransom) | $1.53M | -44% | Sophos 2025 |
| Insider threat (credential theft) | $779K | +15% | Ponemon 2025 |
| P1 IT incident | $794K | n/a | PagerDuty 2024 |
Showing 5 of 17 rows. View complete index.
Browse by Incident Type
Every major category of business incident documented with cost data, cost components, and industry comparisons.
How Incident Cost Is Calculated
Incident cost is not just the ransom payment or the downtime bill. It has four components, all of which compound:
Cost by Industry
Full breakdown| Industry | Avg Breach Cost | Ransomware Risk | Key Regulatory Exposure |
|---|---|---|---|
| Healthcare | $7.42M | High | HIPAA |
| Finance | $5.56M | Very High | GLBA/SEC |
| Technology | $4.79M | High | Reputational |
| Retail | $3.54M | Moderate | PCI DSS |
| Public Sector | $2.86M | Moderate | Operational |
Source: IBM Cost of a Data Breach Report 2025. Showing top 5 industries by breach cost.
Cost by Company Size
Full breakdown60%+ of SMBs that suffer a major incident close within 6 months. Fixed forensics and legal costs hit small orgs disproportionately.
Rising target profile, under-resourced security teams relative to enterprise. Regulatory exposure increasing as they hold more regulated data.
US enterprises average $10.22M per breach. Cross-subsidiary blast radius and board-level regulatory scrutiny multiply costs.
Incident Response Firm Pricing
All IR firmsThe named DFIR firms publish almost no pricing. These reference pages triangulate emergency hourly rates, retainer fees, and minimum engagement sizes from public data sheets, RFP responses, and breach disclosures.
Frequently Asked Questions
How much does a business incident cost on average?
What is the most expensive type of security incident?
What are the four components of incident cost?
How much does incident response cost per hour?
Building around your incident response?
Digital Signet builds custom software and AI automation for security teams. Triage automation, evidence collection, post-mortem tooling, workflow automation.
Get in touch →