How to Calculate the True Cost of an Incident
Incident cost is not just the ransom payment or the vendor invoice. A complete cost model has four components. Missing any one of them typically understates the true cost by 30-50%. This page explains each component, provides the formula, and walks through a worked example. For an interactive tool that does the calculation for your specific scenario, use incidentcostcalculator.com.
The Four-Component Formula
Direct Costs
Revenue Loss
Productivity Loss
Second-Order Costs
The IBM CODB Methodology
IBM's Cost of a Data Breach Report uses a 4-activity cost model that maps closely to the four-component formula above. Understanding their methodology is essential for correctly interpreting their published averages.
| IBM Activity | Maps To | What It Includes |
|---|---|---|
| Detection and escalation | Direct Costs | Security investigation, forensic analysis, crisis team communication, executive escalation, crisis management |
| Notification | Direct Costs + Second-Order | Notification to regulators, affected individuals, credit monitoring setup, legal counsel for notification |
| Post-breach response | Direct Costs | Helpdesk setup, inbound inquiries from affected individuals, identity protection, regulatory response, legal defence |
| Lost business | Revenue Loss + Second-Order | Customer churn, revenue during downtime, reputational impact measured as lost business, new business lost |
Key IBM exclusion: IBM CODB does not include ransom payments in breach cost figures. IBM treats ransomware as a separate category from data breach. This means the $4.44M global average is specifically breach costs, and does not represent total ransomware incident cost (which averages $5.75M when ransom is included).
Worked Example: Mid-Sized Data Breach
Compare to IBM CODB 2025 US average: $10.22M. Our example is smaller scale (50K records vs IBM avg), which explains the lower total. The class action settlement is the largest single cost component.
The worked example above uses generic assumptions. For an interactive calculation tailored to your organisation size, industry, incident type, and specific parameters, use the dedicated calculator tool.
incidentcostcalculator.com - Scenario-Specific Incident Cost Calculator