# Incident Response Cost Estimator > A free, interactive calculator that helps security leaders, risk managers, and executives quantify and plan for the full financial impact of cybersecurity incidents. Built and maintained by the Breached.company network. ## About This Tool The Incident Response Cost Estimator at https://ircost.breached.company calculates per-incident and annualized costs across eight incident types (data breach, ransomware, DDoS, insider threat, phishing, supply chain attack, cloud misconfiguration, and AI/ML system attacks). It accounts for: - Organization size (small through enterprise) - Industry risk multipliers (finance, healthcare, retail, manufacturing, technology, government, education) - Regional regulatory exposure (16 jurisdictions including GDPR, CCPA/CPRA, Texas TDPSA, NY SHIELD Act, Montana MCDPA, Oregon CPA, and more) - Compliance frameworks (PCI-DSS, HIPAA, GDPR, CCPA, SOX, GLBA, CPRA, SHIELD Act, CMMC) - In-house vs. outsourced IR team cost comparison - Breach notification costs by method (email, physical mail, phone, media notice, premium service) - Regulatory fine exposure (per-record and base fines by jurisdiction) - Existing capability discounts (security monitoring, playbooks, automation, threat intel, training, AI detection, tabletop exercises) ## Key Data Points (2025–2026) - US average cost of a data breach: $10.22M (IBM Cost of a Data Breach Report 2025, record high, +9% YoY) - Global average cost of a data breach: $4.44M (IBM 2025, first decline in 5 years) - Organizations using AI/automation extensively save ~$1.9M per breach and cut lifecycle by 80 days (IBM 2025) - Shadow AI adds $670K to average breach cost (IBM 2025) - Ransomware present in 44% of all breaches, up 37% YoY (Verizon DBIR 2025) - Third-party/supply chain breaches doubled to 30% of all breaches (Verizon DBIR 2025) - Insider risk costs $19.5M annually on average; containment $211K per incident (Ponemon 2026) - Ransomware base response cost: $85,000+ before multipliers - Supply chain attacks: longest average response duration (180 hours) - GDPR fines: up to 4% of global annual revenue or €20M, whichever is greater - Hourly rates: IR analysts $165/hr, forensic specialists $325/hr, legal $400/hr ## Methodology Cost estimates are directional and based on 2025–2026 industry benchmarks: - IBM Cost of a Data Breach Report 2025 - Verizon Data Breach Investigations Report 2025 - Ponemon Institute 2025/2026 Cost of Insider Risks Report - Current market rates for cybersecurity professionals All figures are estimates for planning purposes and not legal or financial advice. ## Pages - [Home / Calculator](https://ircost.breached.company/) — The interactive IR cost calculator - [How It Works](https://ircost.breached.company/how-it-works) — Full calculation methodology, formula breakdown, incident type reference table, and data sources - [Privacy Policy](https://ircost.breached.company/privacy-policy) — Privacy policy - [Terms of Use](https://ircost.breached.company/terms-of-use) — Terms of use ## Related Tools (Breached.company Network) - [Cyber Insurance Calculator](https://cyberinsurancecalc.com/) — Estimate cyber insurance premiums - [IR Maturity Assessment](https://ir.breached.company/) — Evaluate incident response capabilities - [Data Breach Cost Calculator](https://databreachcostcalculator.com/) — Financial impact of data breaches - [Breached.company](https://breached.company/) — Security breach news and analysis