
PCI Compliance ROI Calculator

Calculate the return on investment for your PCI compliance programme. Compare expected breach costs against prevention investment using IBM and Ponemon Institute data.

Maximise Your Compliance ROI

GRCTrack reduces compliance costs by up to 60% through automated evidence collection, AI-powered gap analysis, and streamlined assessments.


Frequently Asked Questions

How is the breach cost per record calculated?

The cost per record is based on the IBM and Ponemon Institute Cost of a Data Breach Report 2024. The global average is $164 per compromised record, but it varies by industry: Healthcare ($408), Financial Services ($262), Retail ($169), Hospitality ($152), and Other ($164). These figures include direct costs (forensic investigation, notification, legal) and indirect costs (lost business, reputational damage).

What factors affect PCI compliance ROI?

The primary factors are: annual revenue (determines base compliance investment), number of card records at risk (drives expected breach cost), current compliance maturity (affects both breach probability and investment required), and industry (determines cost per compromised record). Higher record volumes and lower maturity levels generally produce higher ROI from compliance investment.

Is this calculator accurate for my business?

This calculator provides estimates based on industry averages from the IBM/Ponemon Cost of a Data Breach Report 2024. Actual costs vary significantly based on organisation size, geography, breach severity, regulatory environment, incident response capability, and cyber insurance coverage. Use these results as a starting point for business case discussions, not as precise financial projections.

What is breach probability based on?

Breach probability percentages are derived from industry studies correlating compliance maturity with breach likelihood. Organisations with no compliance controls face approximately 25% annual breach probability, decreasing to 15% (basic controls), 8% (moderate/SAQ complete), and 3% (advanced compliance). These figures reflect statistical averages across industries and organisation sizes.
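The following is an added example, not the calculator's own code, that puts the per-record costs and maturity-based breach probabilities quoted above into a simple expected-loss model. The ROI definition (avoided expected loss minus investment, divided by investment) and the investment figure are assumptions; the page only says that expected breach costs are compared against prevention investment.

```python
"""Added example: annualised expected breach cost and ROI from the FAQ figures.
The ROI formula and the annual_investment input are assumptions, not the page's."""

# Cost per compromised record (USD), as quoted from the IBM/Ponemon 2024 report
COST_PER_RECORD = {
    "healthcare": 408,
    "financial_services": 262,
    "retail": 169,
    "hospitality": 152,
    "other": 164,
}

# Annual breach probability by compliance maturity, as quoted in the FAQ
BREACH_PROBABILITY = {
    "none": 0.25,       # no compliance controls
    "basic": 0.15,      # basic controls
    "moderate": 0.08,   # moderate / SAQ complete
    "advanced": 0.03,   # advanced compliance
}


def expected_annual_breach_cost(records, industry, maturity):
    """Expected annual loss = records at risk x cost per record x breach probability."""
    if records < 0:
        raise ValueError("records must be non-negative")
    # Unknown industry or maturity raises KeyError rather than silently defaulting
    return records * COST_PER_RECORD[industry] * BREACH_PROBABILITY[maturity]


def compliance_roi(records, industry, current, target, annual_investment):
    """Assumed ROI definition: (avoided expected loss - investment) / investment.
    Returns every component so the business case can be inspected line by line."""
    if annual_investment <= 0:
        raise ValueError("annual_investment must be positive")
    before = expected_annual_breach_cost(records, industry, current)
    after = expected_annual_breach_cost(records, industry, target)
    avoided = before - after
    return {
        "expected_cost_before": before,
        "expected_cost_after": after,
        "avoided_loss": avoided,
        "net_benefit": avoided - annual_investment,
        "roi": (avoided - annual_investment) / annual_investment,
    }


if __name__ == "__main__":
    # Constructed inputs: 50,000 card records, retail, moving from basic to advanced
    result = compliance_roi(50_000, "retail", "basic", "advanced", annual_investment=200_000)
    for name, value in result.items():
        print(f"{name}: {value:,.2f}")
```

Because the model multiplies all records at risk by the per-record cost, it assumes a breach exposes the whole population; scoping the cardholder data environment down reduces the `records` input and therefore the expected loss directly.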