Overview
The Cost of Breach (CoB) is Cye Platform's estimate of the financial damage your organization would face in a cyber incident. This article explains how the CoB V2 model works, what inputs shape your number, and how to respond when stakeholders challenge the estimate.
How the Model Works
Cye Platform uses a machine-learning engine trained on more than 250,000 real-world events. By synthesizing data from Advisen's cyber loss database (over 90,000 real-world cyber events), Ponemon Institute, actuarial insurance models, and CYE's own Incident Response Team data, we achieve an R² score of 0.93.
An R² score of 0.93 means the model explains 93% of the variance in observed losses across those events. It moves beyond "low/medium/high" labels and provides a statistically validated financial range.
The Three Pillars of Your CoB Estimate
The CoB is not a generic industry average. It is a precision-engineered calculation that cross-references your specific business profile with your technical maturity. Accuracy in these inputs ensures the model reflects your actual financial risk.
1. Company and Operational Profile
This data establishes the baseline for your legal and operational reality.
Industry / Sector: Breach costs vary significantly across verticals (e.g., healthcare vs. manufacturing).
HQ Location: Reflects the specific regulatory environments and legal costs of different countries.
Company Age: A key variable used to model potential reputation damage.
Annual Revenue: Used to estimate lost revenue and the scale of business continuity impact.
Number of Employees: Directly affects the calculation of productivity loss.
Total Annual Salaries: Used to model the specific cost of downtime per employee.
Revenue Dependency on Uptime (%): Defines the proportion of revenue that stops the moment a disruption occurs.
Employee Productivity Dependency (%): Quantifies how much of your workforce is digitally dependent.
2. Customer and Data Profile
This section defines the "payload" at risk and the secondary market effects of a breach.
Number of Customers: Drives the estimation for regulatory fines and notification costs.
Data Types Stored: PII, PCI, and PHI each carry distinct regulatory, legal, and forensic exposure.
Number of Direct Competitors: Used to model customer churn and the long-term impact of reputation erosion.
3. Cybersecurity Maturity (NIST CSF)
Your technical posture is the most significant "discount" or "premium" on your CoB. Real-world data confirms that organizations with resilient infrastructures face lower financial impacts.
Maturity Influence: Stronger detection, response, and containment capabilities directly lower the modeled financial impact.
Score Gaps: Low or missing NIST CSF maturity scores will increase the CoB estimate, as the model must assume a higher cost of containment.
Granular Impact: To identify which specific technical controls are driving your CoB, navigate to the Maturity page and apply Filters > Impact risk metrics.
CoB Breakdown by Business Critical Asset
Cye Platform categorizes costs across five Business Critical Assets (BCAs) to identify the primary drivers of financial exposure:
Customer Information: Regulatory fines, notification costs, legal fees, and customer churn.
Employee Information: Similar categories applied to internal personnel data.
Business Continuity: Operational downtime, lost revenue, and productivity loss.
Intellectual Property: Loss of trade secrets, competitive disadvantage, and IP theft.
Reputation: Long-term brand damage and market share loss.
The Breakdown by Business Assets tab is the primary tool for explaining the total figure to stakeholders by showing exactly where the potential costs originate.
Direct vs. Indirect Costs
To provide granular transparency into the estimate, Cye Platform categorizes breach costs by liability type. These are visible in the Breakdown by First & Third Party tab:
Direct: Quantifiable financial losses that result from a breach, such as downtime, ransom payments, and productivity loss.
Indirect: Long-term strategic impacts that are harder to measure but often significant, such as reputational damage, customer churn, and loss of intellectual property value.
Indirect costs often accumulate over time and can ultimately exceed direct costs, particularly for companies where brand trust or IP are core business assets. Both categories are included in your CoB estimate.
Improving CoB Accuracy
If the CoB estimate does not accurately reflect your organization, use the following levers to calibrate the model:
Refine the Business Profile: Open the Cost of Breach calculator from the left sidebar. Update any fields that were estimated, skipped, or have recently changed (e.g., revenue growth or new customer count).
Complete NIST CSF Scoring: Focus specifically on subcategories flagged as CoB-impacting. These have a direct, measurable effect on the final output.
Review Asset Breakdowns: Use the Breakdown by Business Assets tab to identify which BCA (e.g., Intellectual Property vs. Reputation) drives the largest cost share. Verify that the underlying inputs for that specific asset are accurate.
Consult with CYE: If the estimate still does not align after internal calibration, your Technical Account Manager (TAM) can provide a detailed walk-through of the model inputs and actuarial assumptions.
Important notes
Dynamic Maintenance: CoB figures should be updated whenever key business metrics change (revenue, headcount, or customer base) to ensure the model reflects your current financial footprint.
Immediate Updates: Cye Platform recalculates the CoB automatically after inputs or maturity scores are updated.
Visibility: The CoB range is visible in the Exposure Metrics top ribbon for quick access across all platform views. This ribbon reflects the total CoB across default BCAs.
Exclusions: The model predicts statistically expected loss, not worst-case outliers. Only default BCAs are included in the modeled calculation; custom assets are excluded.
FAQ: Calibrating the Estimate
Why is my CoB so high if we’ve never been breached?
CoB models what a breach would cost, not the probability of it happening. High potential costs are driven by what is at stake, such as large volumes of sensitive data or heavy reliance on system uptime, regardless of past incident history.
Our industry is traditionally "low risk"—why is the estimate high?
While some sectors have lower regulatory exposure, the model may be detecting high risk in other areas. For example, Manufacturing or Logistics sectors often face significant Business Continuity and IP exposure that the model accounts for even if "data theft" is less common.
What if the maturity scores don't reflect our actual controls?
If NIST CSF scores are incomplete or scored conservatively, the model assumes lower resilience and inflates the CoB. Completing the maturity assessment is the most direct way to calibrate and likely lower the estimate.
Use Filters > Impact risk metrics in the Maturity page to see exactly which subcategories are influencing your CoB.
Why am I seeing "No Impact" or "N/A" results?
This usually indicates missing inputs. If required fields like Number of Customers or Annual Revenue are left blank, the model cannot calculate a value for related assets. Ensure all fields in the CoB calculator are populated to ensure accuracy.
What is the difference between CoB and Exposure?
Understanding the relationship between these metrics is critical for prioritization:
Exposure = Likelihood of Breach × Cost of Breach
Cost of Breach (CoB): The total "bill" for a single disaster. It represents what is at stake.
Exposure: The statistically expected financial loss over time given your current risk posture.
Two organizations can have identical CoB figures but wildly different Exposure values based on their open findings and attack paths. While a high CoB defines the scale of the risk, the Likelihood and Exposure figures dictate the urgency of action.
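The following Python is an added illustration, not Cye Platform's own code or model. It sketches how the business-continuity inputs listed earlier (Annual Revenue, Total Annual Salaries, Revenue Dependency on Uptime, Employee Productivity Dependency) can turn into a direct outage cost, how a blank required field yields no estimate (the "N/A" case from the FAQ), and how the same CoB produces very different Exposure values under different likelihoods. The linear pro-rata formula, the 8,760-hour year, the helper names and the sample figures are all assumptions chosen for the example; the platform's actual estimate comes from the machine-learning engine described above.

```python
from dataclasses import dataclass, fields
from typing import Optional

HOURS_PER_YEAR = 8760  # assumption: uptime dependency is spread evenly over a calendar year


@dataclass
class BusinessProfile:
    """Business-continuity inputs named on the page. None marks a field left blank."""
    annual_revenue: Optional[float]
    total_annual_salaries: Optional[float]
    revenue_uptime_dependency: float  # share of revenue that stops during a disruption (0..1)
    productivity_dependency: float    # share of the workforce that is digitally dependent (0..1)


def missing_inputs(profile: BusinessProfile) -> list[str]:
    """Names of required fields left blank; a non-empty list is why a tool would show 'N/A'."""
    return [f.name for f in fields(profile) if getattr(profile, f.name) is None]


def business_continuity_cost(profile: BusinessProfile, outage_hours: float) -> Optional[float]:
    """Hypothetical direct cost of an outage: lost revenue plus idle-workforce productivity loss.

    This linear pro-rata formula is an assumption for illustration, not the platform's model.
    """
    if missing_inputs(profile):
        return None  # mirror the 'N/A' behaviour: no estimate without the required inputs
    fraction_of_year = outage_hours / HOURS_PER_YEAR
    lost_revenue = profile.annual_revenue * profile.revenue_uptime_dependency * fraction_of_year
    productivity_loss = (
        profile.total_annual_salaries * profile.productivity_dependency * fraction_of_year
    )
    return lost_revenue + productivity_loss


def exposure(likelihood_of_breach: float, cost_of_breach: float) -> float:
    """Expected loss as defined on the page: Exposure = Likelihood of Breach x Cost of Breach."""
    if not 0.0 <= likelihood_of_breach <= 1.0:
        raise ValueError("likelihood must be a probability in [0, 1]")
    return likelihood_of_breach * cost_of_breach


# Constructed sample profiles (not real customer data).
SAMPLE_PROFILE = BusinessProfile(
    annual_revenue=87_600_000,         # 10,000 per hour of the year
    total_annual_salaries=17_520_000,  # 2,000 per hour of the year
    revenue_uptime_dependency=0.6,
    productivity_dependency=0.5,
)
INCOMPLETE_PROFILE = BusinessProfile(
    annual_revenue=None,  # the blank field that produces 'N/A'
    total_annual_salaries=17_520_000,
    revenue_uptime_dependency=0.6,
    productivity_dependency=0.5,
)

if __name__ == "__main__":
    cost = business_continuity_cost(SAMPLE_PROFILE, outage_hours=72)
    print(f"72h outage, direct business-continuity cost: {cost:,.0f}")  # 504,000
    print("incomplete profile ->", business_continuity_cost(INCOMPLETE_PROFILE, 72),
          "missing:", missing_inputs(INCOMPLETE_PROFILE))
    # Same CoB, different likelihood: identical stake, very different urgency.
    cob = 5_000_000  # assumed total CoB across all default BCAs
    for label, likelihood in (("few open findings", 0.05), ("many open attack paths", 0.30)):
        print(f"{label}: CoB {cob:,} x likelihood {likelihood:.2f} "
              f"= exposure {exposure(likelihood, cob):,.0f}")
```

Running the block shows a 72-hour outage costing 504,000 for the sample profile, a `None` result with `annual_revenue` listed as missing for the incomplete profile, and exposures of 250,000 versus 1,500,000 for the two likelihoods against the same CoB.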
Wrap-up / Next Steps
Validate Business Inputs: Open the Cost of Breach calculator and ensure all fields—especially revenue, salary totals, and customer records—are accurate.
Refine Maturity: Focus on the subcategories flagged as "CoB-impacting" on the Maturity page to see an immediate effect on the financial model.
Address Findings: Use the Mitigation Planner to reduce the Likelihood of Breach for your most expensive assets.