How much does it cost to recover from a cyber attack?

The cost of recovering from a cyber attack can vary greatly depending on the size of the organization and the extent of the breach. However, research shows that data breaches are becoming more frequent and more costly for organizations of all sizes. In 2020, the average cost of a data breach was $3.86 million globally, and $8.64 million in the US alone. Clearly, cyber attacks can have a major financial impact that organizations need to take seriously and prepare for.

What are the main costs associated with recovering from a cyber attack?

There are many potential costs that organizations can incur when responding to and recovering from a cyber attack. Some of the main expenses include:

  • Incident response and forensics – The costs of investigating the attack, determining its scope, and containing the breach. Forensic analysis of compromised systems and data by cybersecurity experts is often required.
  • Network monitoring – Enhanced monitoring and protection of systems during and after an attack. This may require specialized security services and staffing.
  • Regulatory compliance – Fines and penalties for failing to comply with data protection regulations. There are also costs to comply with mandatory breach notification laws.
  • Public relations – Managing communications and public relations throughout the crisis. This aims to rebuild trust and the company’s reputation.
  • Customer protection – Customer notification costs and providing credit monitoring services to impacted individuals. This helps protect customers from potential identity theft and fraud.
  • Lost business – Decreased revenue and productivity during downtime. There may also be long-term impacts due to loss of customers and damage to the brand’s reputation and trust.
  • Legal fees – Legal costs arising from potential lawsuits by customers or shareholders impacted by the breach.
  • Insurance premium increases – Cyber insurance costs often rise after a claim is made due to a breach.
  • Technical upgrades – New investments in security defenses, such as encryption, firewalls, and endpoint security. Upgrading systems to prevent similar attacks in future.

Of these costs, the biggest expenses usually come from business disruption, lost revenue, and damage control after the attack. But the specific costs for any given organization can vary widely depending on the unique circumstances of the breach.

What is the average total cost of a data breach?

According to IBM’s 2021 Cost of a Data Breach report, the global average cost of a data breach is $4.24 million. The average data breach in the US costs $9.05 million. The report analyzed real-world data breaches amongst 500 organizations worldwide.

Some key findings on average breach costs include:

  • Average cost of a breach in the US is $1.15 million more than the global average.
  • Average cost of a mega breach (over 1 million records lost) is $50 million.
  • Breaches cost over $1 million more on average when remote work is a factor in the breach.
  • Compromised credentials were the most common root cause of breaches and added over $1 million to the cost.
  • The more lost or stolen records there were, the higher the average breach cost.

The report highlights how vulnerable many organizations still are to cyber attacks leading to very costly data breaches. Investing in improving cyber defenses and response plans pays off by reducing breach costs.

What are the costs per compromised record?

Looking at costs from another perspective, IBM’s report found that the average cost per lost or stolen record costs:

  • $161 per lost or stolen record globally
  • $236 per lost or stolen record in the US

This looks at the total breach costs divided by the number of records breached. These per record costs can add up quickly for large-scale breaches involving millions of customers’ data being compromised.

How do costs differ by industry and region?

The cost of a data breach can vary significantly depending on the organization’s industry and geographic region.

Costs by Industry

Some industries that deal with very sensitive data incur substantially higher breach costs. According to IBM:

  • Healthcare had the highest average breach costs at $9.23 million.
  • Financial services followed at $5.72 million.
  • Pharmaceuticals at $5.04 million.
  • Technology at $4.88 million.

Industries with lower regulatory oversight and less sensitive data had lower average breach costs, like retail at $3.11 million and media at $2.71 million.

Costs by Region

There was also significant regional variation in the average per record breach cost:

  • United States – $236 per record
  • Middle East – $167 per record
  • Canada – $138 per record
  • Europe – $119 per record
  • Asia Pacific – $110 per record
  • Latin America – $94 per record

The much higher cost in North America may reflect stricter data protection laws and regulatory penalties in the US and Canada.

What are some real-world examples of breach costs?

Looking at actual cyber attacks against specific companies shows how expensive the aftermath can become in real-world situations:

Capital One – $140 to $150 million

In 2019, a hacker accessed personal information relating to 100 million credit card applications of Americans and Canadians. Capital One estimated it would incur $100-150 million in costs related to the incident, including legal support, customer notifications, and incremental technology costs.

Equifax – $1.4 billion

The massive 2017 data breach at Equifax compromised the personal information of 148 million Americans. The total costs to Equifax were estimated at $1.4 billion by the end of 2019, including a $700 million settlement with the Federal Trade Commission.

Target – $292 million

Retail giant Target experienced a high-profile breach in 2013 impacting 41 million payment card accounts. Total costs incurred by Target reached $292 million, including legal fees and re-issuing compromised payment cards.

Yahoo – $350 million

Yahoo suffered multiple data breaches over the years, with all 3 billion of its user accounts compromised. In 2016, Yahoo revealed a breach from 2014 had impacted 500 million accounts. The company ended up spending $350 million related to the incident, excluding legal costs.

How can organizations prepare for and minimize breach costs?

While data breaches are becoming more common, there are steps organizations can take to help strengthen their security posture, reduce risks, and minimize costs if they do suffer a cyber attack and data breach:

  • Conduct security training and awareness programs for all staff to reduce human errors that often lead to breaches.
  • Implement strong access controls and password policies, requiring multi-factor authentication for sensitive systems and data.
  • Keep software patched and up-to-date to close security vulnerabilities. Automate patch management processes where possible.
  • Secure endpoints with advanced malware and ransomware protection along with encryption.
  • Back up critical systems and data regularly, with at least one offline backup copy.
  • Establish an incident response plan with defined procedures to contain and manage breaches.
  • Purchase adequate cyber insurance to offset costs related to attacks, including notifications, investigations, and potential legal liabilities.
  • Hire experienced cybersecurity staff and consultants to strengthen defenses and provide expertise.
  • Conduct cyber attack simulations to identify gaps and improve response effectiveness.

Making cybersecurity a priority and implementing strong defenses greatly reduces the risks. But even well-prepared organizations need to plan for the worst. Understanding the major cost factors can help justify investments that substantially lower data breach costs.


In summary, cyber attacks and data breaches come at a very high cost for most organizations impacted. With average breach costs now exceeding $4 million globally, and $9 million in the US, these incidents represent serious financial risks. The specific costs incurred depend on the nature and scale of the breach as well as regulatory requirements. But the expenses related to incident response, investigations, technical fixes, legal services, fines, customer protection, and reputational damage can add up quickly. However, upfront investments in security measures, risk management programs, and incident response plans can significantly reduce these post-breach costs. Organizations that make cybersecurity a priority are much better positioned to avoid or minimize the catastrophic costs of an attack.