Learning Center May 13, 2025 Reading Time: 5 minutes

What Does a Data Breach Cost? Key Insights for Cyber Leaders

The True Cost of a Data Breach in 2024

Data breaches have evolved from technical glitches into full-blown financial and reputational crises. In 2024, the global average cost of a data breach reached $4.88 million, according to the IBM Cost of a Data Breach Report. That was a ten percent increase over the previous year. For the healthcare sector—the sector with the highest average breach cost—the average cost was $9.77 million.

The true cost of a data breach is more than recovery, though—overall costs include long-term reputational damage, operational disruptions, and regulatory consequences. For security leaders, understanding the anatomy of breach costs is crucial to securing budget and board support.

Breaking Down Breach Costs: Direct and Indirect

Direct Costs:

  • Incident response and digital forensics
  • Legal counsel
  • Regulatory fines
  • Customer notification
  • Credit monitoring
  • Infrastructure repair and remediation

Indirect Costs:

  • Lost business and customer churn
  • Brand and reputational damage
  • Productivity loss
  • IT downtime
  • Increased cyber insurance premiums

Long-tail costs may continue for months or even years, especially when litigation or regulatory investigations are involved. These indirect costs, though less visible upfront, often drive the total cost of a breach higher.

What contributes to the cost of a data breach?

Costs vary by company size, location, and sector, and they also vary by attack type. Organizations in the United States typically face higher costs than those in other countries or regions; last year the US average was $9.36 million. The next costliest countries and regions were the Middle East, Benelux, Germany, and Italy.

For ransomware incidents, the median ransom payment decreased in 2024 compared to the previous year (from $150,000 to $115,000), according to the 2025 Verizon Data Breach Investigations Report. Although ransom payments are only a small portion of the true cost of a ransomware attack, payment data provides a key insight into the costs organizations face when a crisis hits.

Business email compromise (BEC) alone accounted for a whopping $6.3 billion in losses in 2024, according to the FBI.

Recent high profile incidents can offer a window into the wide range of costs to breached organizations:

Lessons from the Change Healthcare Ransomware Attack: Following the 2024 Change Healthcare ransomware incident, UnitedHealth Group paid a $22 million ransom and has disclosed over $1.6 billion in projected breach-related expenses, including recovery efforts, vendor support, and emergency loans. It has projected that the total may amount to $2.45 billion.

Lessons from the Ticketmaster breach: Ticketmaster announced it was hacked in 2024, affecting 560 million customers. The hacking group allegedly responsible demanded a $500,000 payment from Ticketmaster.

What are Key Factors That Inflate Breach Costs?

  • Extended Dwell Time: The longer a breach remains undetected, the higher the cost. In 2024, organizations that had a dwell time beyond 200 days had average costs of $5.46 million, according to IBM.
  • Third-Party Breaches: The cost of a third-party breach is typically 40% higher than the cost of remediating an internal breach, according to Gartner.
  • Data Type Exfiltrated: Breaches involving personally identifiable information (PII), PHI, or payment card data can trigger higher penalties depending on the number of individuals affected and their locations.

Reducing Breach Costs: Best Practices for 2025

Accelerate threat detection. Early detection is one of the most impactful ways to reduce breach impact:

  • Deploy EDR and XDR tools
  • Set up real-time alerts for anomalous behavior
  • Leverage managed detection and response (MDR) services

Run tabletop exercises and red team drills. Simulating breach scenarios builds muscle memory across departments:

  • Involve legal, PR, compliance, and vendors
  • Use realistic attack scenarios
  • Test both technical and communication responses

Monitor your vendor ecosystem continuously. Supply chain breaches often stem from unmonitored third-party risks:

  • Continuously assess vendor security posture
  • Use external ratings to identify exposed endpoints
  • Detect stale credentials or outdated software

Maintain an accurate asset inventory. Security teams can’t protect what they don’t know exists:

  • Track cloud instances, APIs, remote devices, and shadow IT
  • Use automated tools to map external and internal assets
  • Reconcile discrepancies between inventories regularly

Quantifying Breach Risk to the Board

CISOs must speak the board’s language: risk and return on investment (ROI). Leaning on a framework like FAIR (Factor Analysis of Information Risk) allows leaders to:

  • Estimate annualized loss expectancy (ALE)
  • Calculate financial exposure from top scenarios
  • Model control effectiveness against expected loss
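The three FAIR-style steps above can be worked through numerically. The Python below is an added example, not SecurityScorecard's code or a FAIR reference implementation; its scenario frequencies and loss ranges are constructed assumptions, anchored only on the report figures quoted earlier in the article, and the 50%/20% control effect and $250K control cost are hypothetical inputs.

```python
# Added example (not from the article): FAIR-style breach risk quantification.
# Scenario numbers are constructed; $4.88M / $9.77M average costs and the
# $115K median ransom are the report figures quoted in the article.
import math
import random
from dataclasses import dataclass


@dataclass
class Scenario:
    name: str
    event_frequency: float  # expected loss events per year (FAIR loss event frequency)
    min_loss: float         # single-event loss magnitude range, USD
    likely_loss: float
    max_loss: float


def single_loss_expectancy(s: Scenario) -> float:
    """Mean single-event loss, treating the range as a triangular distribution."""
    return (s.min_loss + s.likely_loss + s.max_loss) / 3


def annualized_loss_expectancy(s: Scenario) -> float:
    """ALE = loss event frequency x single loss expectancy."""
    return s.event_frequency * single_loss_expectancy(s)


def return_on_security_investment(s: Scenario, control_cost: float,
                                  freq_reduction: float, magnitude_reduction: float) -> float:
    """(avoided annual loss - control cost) / control cost; reductions are fractions."""
    residual_ale = annualized_loss_expectancy(s) * (1 - freq_reduction) * (1 - magnitude_reduction)
    return (annualized_loss_expectancy(s) - residual_ale - control_cost) / control_cost


def _poisson(rng: random.Random, lam: float) -> int:
    """Knuth's Poisson sampler; adequate for the small yearly frequencies used here."""
    threshold, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p < threshold:
            return k
        k += 1


def simulate_annual_loss(scenarios, years: int = 20_000, seed: int = 7) -> dict:
    """Monte Carlo: Poisson event count per year, triangular loss per event.
    Returns mean annual loss and the 95th-percentile (tail) year, the numbers a
    board asks for beyond the single-point ALE."""
    rng = random.Random(seed)
    totals = []
    for _ in range(years):
        total = 0.0
        for s in scenarios:
            for _ in range(_poisson(rng, s.event_frequency)):
                total += rng.triangular(s.min_loss, s.max_loss, s.likely_loss)
        totals.append(total)
    totals.sort()
    return {"mean": sum(totals) / years, "p95": totals[int(0.95 * years) - 1]}


# Constructed portfolio: vendor compromise anchored on the article's average-cost
# figures, ransomware anchored on the quoted median ransom as its floor.
VENDOR_BREACH = Scenario("third-party vendor compromise", 0.2, 1_000_000, 4_880_000, 9_770_000)
RANSOMWARE = Scenario("ransomware with data theft", 0.3, 115_000, 1_500_000, 5_000_000)

if __name__ == "__main__":
    for s in (VENDOR_BREACH, RANSOMWARE):
        print(f"{s.name}: ALE ${annualized_loss_expectancy(s):,.0f}")
    print(f"ROSI of $250K vendor-monitoring control: "
          f"{return_on_security_investment(VENDOR_BREACH, 250_000, 0.5, 0.2):.2f}x")
    print(simulate_annual_loss([VENDOR_BREACH, RANSOMWARE]))
```

A control whose avoided loss does not cover its cost yields a negative ROSI, which is the signal to argue for a cheaper control or a different scenario rather than for more budget.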

Boards are more likely to approve security investments when they understand the business risk and financial upside. A well-documented cyber incident response plan adds credibility during funding discussions.

Modern cybersecurity planning must assume a breach will happen. What matters most is:

  • How fast you detect it
  • How well you contain it
  • How quickly you recover from it

SecurityScorecard’s SCDR platform provides the continuous visibility and risk intelligence needed to manage these outcomes—especially across complex third-party ecosystems.

Protect Your Supply Chain with Real-Time Threat Detection

SecurityScorecard’s SCDR solution offers continuous monitoring of your third-party ecosystem, enabling swift identification and mitigation of cyber threats. Enhance your organization’s resilience by proactively managing supply chain risks.
