
Tool · Free Cost-of-Incident Calculator

What would a cyber incident actually cost your business?

Four questions. Two minutes. You get a defensible dollar range across direct response, operational downtime, customer churn, legal and regulatory exposure, and the insurance premium hike — adjusted for your industry, revenue, headcount, and current coverage.

Free · 2 minutes · No commitment · Industry-specific calibration · Personalized summary emailed

What's your annual revenue?

Used to estimate operational downtime cost — every day of halt is lost revenue.

What the calculator gives you

Four lenses on your real exposure.

Total exposure range

A defensible dollar range — not a single point estimate — across direct response, operational downtime, customer churn, legal and regulatory exposure, and the inevitable insurance premium hike at next renewal.

Out-of-pocket after insurance

Most policies leave 25-70% of the incident cost on your balance sheet — deductibles, sub-limits, ransomware exclusions, AI exclusions added in 2024 renewals. We model that gap so the number reflects reality, not the brochure.

Industry-specific framing

Healthcare carries HIPAA-OCR exposure that retail doesn't. Manufacturing gets hit with operational downtime that pure professional services don't. The calculator applies the multiplier your industry actually faces.

Recovery time visual

How many business days you'd be in recovery mode — paused operations, halted billing, customer-support backlog, active forensic investigation. Translated into calendar days, work weeks, and IT person-hours.

Who runs this

Owners who need a real number, not a vibe.

CEO / Founder

You make the cybersecurity budget call. The calculator gives you a defensible dollar number to take to the board or your CFO — not a vague claim that you 'should invest more'.

COO / President

Operational continuity is your responsibility. The recovery-time visual translates a breach into paused billing, halted shipments, and the customer-support backlog you'd be cleaning up for months.

CFO

You're skeptical of vendor scare tactics — fair. The calculator shows the math behind every line. Direct cost is calibrated against IBM Cost of a Data Breach and Verizon DBIR averages; recovery time is calibrated against the Sophos State of Ransomware survey. Every assumption is visible.

GM of a regulated business unit

You answer to corporate cybersecurity but you own the P&L. The calculator gives you a unit-level number so you can decide whether to lobby for centralized investment or buy your own controls.

FAQ

Questions about the calculator.

How accurate is the calculator?

Calibrated against four research anchors: IBM Cost of a Data Breach 2024 (US average $9.36M), Verizon DBIR 2024 (small business median $80k-$200k direct), Sophos State of Ransomware 2024 (average ransom $2M, 24-day downtime), and CISA/SBA small-business breach closure rates (60% close within 6 months). Industry multipliers reflect regulatory exposure differences. The result is a range, not a single number — because every real breach is different. Use it as a budgeting input, not a quote.

Why a range instead of a single number?

Because every breach has a low end (well-prepared, quick detection, retained counsel on speed-dial) and a high end (delayed detection, no IR plan, public disclosure, multiple regulators). The low end of the range assumes you're more prepared than average; the high end assumes you're less. Most businesses land in the middle.

Is this for US businesses only?

Yes. EFROS serves only US clients, so the calculator anchors in US frameworks — HIPAA, HHS-OCR Section 1557, PCI-DSS, NYDFS Part 500, state breach notification laws, FTC Section 5. We don't model EU GDPR, UK ICO, or other non-US regimes here. If your US-based business has EU customers, additional jurisdictional analysis is needed outside this calculator.

What happens to my email?

Your name, email, company, and phone are stored in EFROS-controlled D1 storage on Cloudflare. Used to deliver this report, follow up if you ask us to, and notify you about future research updates. Not shared with third parties. Subject to the EFROS privacy policy. Unsubscribe with one click.

What does an EFROS engagement actually look like?

A typical managed engagement covers: endpoint hardening + EDR, identity protection (MFA + conditional access), email + DNS filtering, an incident-response retainer with a 24-hour SLA, and a quarterly tabletop exercise. Plus 24/7 monitoring and a fractional CISO on retainer. The investment is a fraction of the exposure range shown above.

What if I've already been breached?

If you're handling an active incident right now — ransomware demand, suspicious account activity, business email compromise, data theft — don't fill out a calculator. Use our emergency lane at /incident-response-emergency/ for a 60-minute response triage.

Saw the number. Ready to talk?

EFROS managed engagements cover endpoint hardening, identity protection, email and DNS filtering, incident-response retainer, and quarterly tabletops. The investment is a fraction of the exposure above.