Cybercriminals aren't selective in the way a lot of business leaders assume. They're not just targeting household names and bypassing everyone else. They're looking for the path of least resistance — and businesses with fewer security resources and less mature defenses are frequently it.
Most business leaders significantly underestimate what a cyber incident actually costs — and by the time they find out, it's too late to budget for it. So in this blog, I’ll outline what businesses are actually up against, and also the practical steps they can take to protect themselves.
What a Cyber Incident Actually Costs

The average cost of a data breach has now reached $10.22 million, which is why many small to mid-sized businesses never recover from a single, catastrophic incident. Here’s why the costs can be so high:
Incident Response
Bringing in outside experts to contain and investigate an incident can often be in the tens of thousands of dollars, sometimes higher. That's before any legal obligations are triggered. Depending on your state's disclosure laws, you may be required to notify affected customers, partners, or regulators regardless of the outcome.
Ransom Payments
The FBI advises against paying ransoms — paying won’t guarantee that you’ll get your data back, and it signals to attackers that you're willing to pay. Still, the median ransom payment last year was $115,000.
Recovery and Restoration
Even organizations that respond quickly don't recover quickly. IBM found that businesses able to contain a breach still took more than 100 days on average to fully restore operations. If backups were compromised — which attackers increasingly target — that timeline gets longer and costlier.
Legal and Compliance Costs
Attorney fees for breach notifications, regulatory response, and potential litigation can escalate quickly. If customer data was exposed, you may also face regulatory fines. In a data breach scenario, those costs average almost $1.6M.
Equipment and Infrastructure
Depending on the scope of the attack, hardware may need to be wiped or replaced entirely. For organizations running dozens or hundreds of endpoints, that's a significant unplanned expense — compounded by the cost of rebuilding any compromised infrastructure.
Operational Downtime
Every hour systems are down, the business isn't running. That results in lost revenue, wages paid for unproductive time, and customer commitments missed. It’s difficult to put a price tag on each of these, but collectively, IBM found that lost business costs averaged $1.38M in 2025 across organizations of all sizes.
Insurance and Borrowing Costs
A cyber incident often triggers a cyber insurance rate review, with organizations that couldn't demonstrate adequate security controls before the incident facing significantly higher renewals.
A breach can also affect your credit standing, leading to higher borrowing costs that compound quietly long after the incident is resolved.
Reputation and Customer Trust
The damage here is real, but harder to put a solid number on across all businesses.
So let’s take the example of M&S, a UK retailer with more than 1,000 stores. After they were attacked, it’s estimated that they lost more than £40 million in weekly sales.
Why a Cybersecurity Incident Response Plan Changes the Math

Most of the costs I outlined above aren’t fixed! How prepared you are before an incident is a huge factor in how expensive it becomes after one. In fact, faster detection and containment is the single biggest cost driver — and it's directly tied to whether you have an existing cybersecurity incident response plan.
A cybersecurity incident response plan isn't a document you file away and forget. At a minimum, it should define:
- Who is responsible for what when an incident occurs
- How your incident response team will communicate internally and externally — including with customers, regulators, and insurers
- What your containment and eradication steps look like for common attack types
- How evidence will be preserved for legal and insurance purposes
- What the recovery process looks like, and what success looks like at each stage
- When and how to involve outside incident response solutions and specialists
The Easiest Way To Add an Incident Response Team
Most business leaders I work with already have most of the cybersecurity basics in place. The lack of a cybersecurity incident response plan — one that executive leaders are bought into and sponsor — is usually the biggest gap. And that makes complete sense. It's easy to focus on the tools that prevent an attack and much harder to think through, step by step, what will actually happen if one gets through anyway.
That’s why the IT and cybersecurity teams at Marco got together to plan out a new service that would fill the gap. Our breach readiness service combines guided incident response plan development, continuous vulnerability scanning, and an annual tabletop exercise to stress-test your preparedness — backed by 24/7 access to an incident response team if the situation calls for it.
It's a practical starting point for closing the gap between where your cybersecurity posture is today and where it needs to be.