
Inputting Cost of Breach Data

Follow these steps to enter business and maturity data for more accurate breach cost modeling in the Cye platform.

Overview

This article explains how to complete the data inputs for the Cost of Breach (CoB) calculator in the Cye platform. You'll enter your organization's business profile and complete the relevant NIST CSF maturity subcategories. The calculator turns this data into a financial estimate of the damage a cyberattack could cause your organization, so the more accurate your inputs, the more meaningful your results.


1. Open the Cost of Breach Calculator

You can start or update the calculator by doing one of the following:

  • Click the Cost of Breach icon in the left navigation bar.

  • Or go to Exposure Metrics and click the Cost of breach button.

Then click Start or Update Cost of Breach to begin the process.


2. Fill Out the Business Profile

You'll be guided through a form. Mandatory fields are marked with a red asterisk (*), but it's strongly recommended to complete as much as possible for better accuracy.

Fields without an asterisk are optional. Leave one blank only when the value is genuinely unknown to you or not relevant to your organization (for example, if you have no direct competitors to report).

You can also download an Excel template from the bottom left to gather information offline and upload it later.

Key Fields

  • Founded:

    • Input Value: The year your organization was founded.

  • Sector:

    • Input Value: The industry your organization operates in.

    • Impact Mechanism: Different sectors carry different breach-cost profiles.

  • HQ location:

    • Input Value: The country where your organization is headquartered.

    • Impact Mechanism: Breach costs vary by country, so this sets the region-specific factors.

  • Number of employees:

    • Input Value: Your organization's total headcount.

    • Impact Mechanism: Breach costs rise as headcount grows.

  • Customer records:

    • Input Value: The total number of customer records your organization holds across its systems and products. This includes accounts and contacts in your CRM, and customer data stored in operational systems such as billing or health record platforms.

Record Types Stored

For both employees and customers, select the applicable data types:

  • PII (Personally Identifiable Information): e.g., name, SSN

  • PCI (Payment Card Info): e.g., name + credit card data

  • PHI (Protected Health Info): e.g., test results, diagnoses

Note: PCI and PHI are subsets of PII. If you select either, you'll usually also select PII.

Business Metrics

  • Number of direct competitors:

    • Input Value: The number of companies that compete directly with yours, meaning they serve the same market with the same offering.

    • Impact Mechanism: The more competitors that are capable of replacing your offering, the higher your financial risk during a breach, because market share shifts easily to rivals during downtime.

  • Salaries:

    • Input Value: Your organization's total annual salary expense in USD, as reported on your profit-and-loss statement.

    • Impact Mechanism: Higher salary costs translate into larger productivity losses during downtime.

  • Annual revenue:

    • Input Value: The total income your organization generates in a year.

    • Impact Mechanism: The higher your revenue, the more is at risk during downtime, which raises the breach cost.

  • Revenue dependency on uptime (%):

    • Input Value: The percentage of total revenue that is directly tied to system availability.
      100%: Revenue generation relies entirely on online assets (e.g., an e-commerce or trading platform that cannot process orders during downtime).
      Lower percentages: Revenue continues through alternative, non-system channels during an outage (e.g., 70% if offline channels or manual telephone operations process 30% of standard transactions).

  • Employee productivity dependency on uptime (%):

    • Input Value: The share of employee productivity that depends on online systems being available. For example, if 60% of your staff rely on online systems and 40% work on paper-based processes, enter 60.

Cyber Insurance (Optional)

  • Do you have a cyber insurance policy? Yes / No

  • Policy limit:

    • Input Value: The maximum amount your insurer will pay out for covered losses under your cyber insurance policy.

  • Premium:

    • Input Value: The amount your organization pays for one year of cyber insurance coverage.

Once completed, click Next to proceed to maturity-related inputs.


3. Complete Maturity Factors (NIST CSF)

You'll now review the NIST CSF subcategories that directly impact CoB calculations. Click Go to the CoB-impacting subcategories to access the filtered view.

To complete maturity scoring:

These ratings influence how the Cye platform factors security posture into the breach cost model.

When you're done, return to the Cost of Breach page to review your results.


4. Viewing Results

Click the Cost of Breach icon again to view your calculated breach impact, broken down by asset type and impact category.

Note: If required fields were left blank (e.g., no customer records entered), related business assets may display No impact in the breakdown.

Also, keep in mind:

  • Custom business assets are not included in CoB calculations; only the Cye platform's default assets are factored in

  • Regularly update your Business Profile when key metrics change (e.g., revenue, customer records)


Important notes

  • Even non-mandatory fields (like uptime dependency) can significantly influence CoB results

  • The NIST maturity section is essential; skipping it will reduce CoB accuracy

  • Only default business assets (e.g., Reputation, IP, Business Continuity) are used in calculations

  • Your CoB data feeds directly into Exposure, Risk, and Mitigation planning across the Cye platform


Wrap-up / Next Steps

Your breach cost model is only as good as the data behind it. Accurate business and maturity inputs turn complex risk data into a dollar value your leadership team can understand and act on. If you are unsure how to estimate a field, work with your finance or operations team; it is worth the effort.

When you're ready to explore the results:
See also: [Reviewing Cost of Breach Results (V2)]
