Ask Jack: What Is The True Cost Of A Data Breach For Smaller Organizations?

By Jack McCalmon, The McCalmon Group, Inc.

With inflation, I have to make hard choices on budgets. Are data breaches a real risk for organizations outside the Fortune 500?


Data breaches are an apex risk for all organizations, large and small.

According to one source, cyberattacks have increased 32 percent from last year. One cause cited for the latest increase is the war in Ukraine, but the risk was escalating prior to the war.

A small business in the United States or Canada may conclude that it has nothing to worry about because it is not a government or a defense contractor, but that would be a mistake.

IBM estimates that the average cost of a cyberattack for organizations in the United States is approximately $4.35 million. In Canada, the cost is $7 million. Obviously, large breaches drive these averages higher.

Of course, every data breach is unique, so no one knows the true average cost for small employers. A major breach against a Fortune 500 company will have a far greater cost than a breach against a small employer, but the risk exists nonetheless. Smaller organizations have fewer resources with which to address an attack. If an attack involves the loss of consumer sensitive information, like credit card or Social Security numbers, then the public relations and financial harm to a small organization may be insurmountable.

So, the takeaway is: don't ignore or downplay the risk of a cyberattack, no matter the size of your organization. I also understand budgets are tight; so work with your agent/broker and see what resources are provided as part of your cyber coverage.


Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.

If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.


Finally, your opinion is important to us. Please complete the opinion survey: