Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Calculating The Heavy Cost of Data Breaches in 2021

Cost of a data breach

about the author

Share this post

When we talk about data breaches, it’s common to only refer to the “records” that were exposed. The problem with this is that without factoring in the cost of data breaches, we lack context. After all, there are few clearer illustrations of business impact than how much it dents the bottom line.

In this article we’ll look at:

  • Why data breaches happen.
  • Main factors that drive data breach costs.
  • Average cost of a data breach.
  • Examples of data breaches in 2020 and 2021.
  • How much these data breaches might have cost.
  • What your organisation can do to mitigate the impact.

(If you’re short on time there’s a tl;dr summary at the end of the article)

Why Do Data Breaches Happen?

We have three main categories of data breach causes: human error, malicious attack, and system glitches.

But, thanks to an IBM Security report on the costs of data breaches, we can see that rarely is the techy side of things entirely to blame. No, 75% of the time, it’s the fleshy bit using the technology that’s at fault. Either through human error, or some form of malicious attacks. 

Data breach causes

Source: Cost of Data Breach Report 2020, IBM Security

Looking at the malicious attack category a bit closer, we can see that dodgy cloud configurations and weak passwords can take a good chunk of the blame. Both of which can actually be mitigated with regular security awareness training and an effective security policy.

data breach threat vectors

Source: Cost of Data Breach Report 2020, IBM Security

The complexity of modern security systems has no doubt led to the increased challenges faced by security teams. As different parts of the organisation need to tap into more external software, that opens up another threat vector to protect against. It’s also hard to ignore phishing attacks as a potential threat vector, as they account for 14% of malicious data breaches.

Calculating the Cost of Data Breaches

There are many factors to consider if we want to try and work out how much a data breach is likely to cost, but fundamentally we can break it down into four key cost centers:

  • Detection and escalation: that’s anything a company does to detect a breach, like auditing services, for example.
  • Notification: once an organisation has figured out there’s a problem, they need to communicate with not only their data subjects, but also regulators, legal experts, and regulatory consultants.
  • Lost business: depending on the nature of the breach, an organisation can experience downtime which hits revenue, then longer term they’ll have to deal with brand damage.
  • Ex-post response: after the breach has happened, and impacted users have been notified comes the influx of  queries, potential legal costs, fines, and maybe offers and discounts to restore a bit of that tarnished goodwill.

On top of those main cost centers, there are a few more factors we can take into account. For example, the cost per record varies by country and industry, with US healthcare records being the most costly.

Then there’s the type of data itself. Customer PII (personally identifiable information) is the costliest and by far the most compromised type of data. But across the board, we can see the average cost per record for small to large data breaches clocks in at an unnerving $146.

Data breach cost by type

Source: Cost of Data Breach Report 2020, IBM Security

We say “small to large” because there’s another, scale-based cost factor:

The dreaded “mega breach”.

Any breach that involves more than 1 million records is defined as a mega breach; it represents an absolute worst case scenario for the organisations involved. These are also the breaches we hear about the most, simply because they are so big. 

Data breach average total cost

Source: Cost of Data Breach Report 2020, IBM Security

Being so vast, they also need to be analyzed separately from the small to large breaches, otherwise they’d end up skewing the numbers.

Recent Data Breaches and How Much They Cost

Based on the numbers above, we can estimate how much some of the more high profile data breaches have cost these companies.

In no particular order, here’s a look at some of the bigger data breaches we’ve seen over the last 12+ months or so, and how much they’ve cost.

533 Million  – Facebook, April 03, 2021

Estimated cost: $3.7 billion

Type of data exposed: phone numbers, date of birth, locations (inc. historic data) full name, some email addresses.

In early April 2021, it emerged that the personal information of more than half a billion Facebook users had been leaked. Facebook declined to notify impacted users (perhaps as a cost saving exercise, as we know that notification and ex-post response are two of the main cost centers) after their data was scraped by exploiting a vulnerability in a now sunsetted feature. 

250 Million – Microsoft, January 22, 2020

Estimated cost: $1.8 billion

Type of data exposed: email addresses, IP addresses, chat logs.

2020 was barely getting its boots on before Microsoft announced a major breach. While they didn’t cover figures, estimates peg the exposed record count at 250 million. Those records contained email and IP addresses, as well as chat logs between support staff and customers. Microsoft admitted this breach was the result of a “misconfiguration of an internal customer support database”.

9 Million – EasyJet, May 12, 2020

Estimated cost: $50 million

Type of data exposed: credit and debit cards

In May 2020, EasyJet announced 9 million customer records had been “accessed” in what they described as a “highly sophisticated cyber-attack”. This attack came at a bad time for EasyJet, as the pandemic’s impact was starting to take hold and involved credit card data. It also led to 10,000 people joining a lawsuit against EasyJet. Depending on the outcome of this case, the $50 million estimation may move into the billions, as each of the victims may be entitled to $2,500.

5.2 Million – Marriott, March 31, 2020

Estimated cost: $50 million

Type of data exposed: names, address, some phone and emails

The hotel leviathan, Marriott, revealed 5.2 million guests had had their data exposed after hackers obtained the login details of two employees. This was on top of an earlier breach in 2018 when one of Marriott’s subsidiaries was hacked, revealing millions of unencrypted passport numbers and credit card records.  

What Can Your Organisation Do To Mitigate The Impact?

It’s evident that organisations of all shapes and sizes are not completely immune. Be it carelessness or malicious intent, when you have people interacting with machines, there are always going to be weak points.

You’ll also have people willing and able to exploit those weak points. 

It’s not all doom and gloom, though because there’s plenty of things that your organisation can start doing right away to reduce the likelihood of a data breach.

Data breach cost factors

Source: Cost of Data Breach Report 2020, IBM Security

  • Incident response testing: Knowing what to do when the worst happens can save your organisation over $230,000. Incident management tools help you pull all of the moving parts together, giving you an overview of the lifecycle of an incident when it happens. But it’s also vital that you put all of that to the test with simulated attacks. It’s not just the IT team who need to be involved in testing. Everyone from salespeople to support staff should be involved. Particularly with the constantly evolving nature of threats like phishing and ransomware. 96% of data breaches originate from email but running simulated phishing attacks to prepare your team and doesn’t have to be costly or time consuming.

  • Security awareness training: The rise in remote working has added another layer of vulnerability, as employees use potentially insecure devices and connections to access sensitive data. So, now more than ever, employee cyber security training has the potential to reduce the risks (and potential costs) of data breaches.

  • Extensive encryption: Many high profile data breaches have involved cases where sensitive data has been stored in unencrypted files, with passwords and credit card data sometimes just sitting there, unhashed, in plaintext. Rolling out company-wide encryption can have a massive impact, but it still relies on your employees being up to speed. Which leads nicely into the next solution.

  • Policy management: If solutions like encryption are going to work, you need to have an effective cyber security policy in place and, even more importantly, make sure everyone knows what they’re supposed to be doing. Traditional approaches to policy management often involve HR having to chase down team members, sending increasingly irate emails asking if they’ve read and understood the new cyber security policy. And, if said team member has read it, can they please sign it and return it? Please? Instead, by deploying a cyber security policy management platform your organisation can spot gaps in staff knowledge, deficiencies in policy, and keep the costs of data breaches to a minimum.


  • They can be cripplingly expensive: globally, data breaches cost organisations, on average, £2.8m per breach
  • Most data breaches are malicious: more than half of all data breaches are the result of some sort of malicious activity.
  • As Mum always said, “prior preparation and planning prevents poor performance”: Having an incident response team, testing your incident response plan, using encryption, and educating your users have some of the biggest impacts.

Cyber Security Awareness for Dummies

Other Articles on Cyber Security Awareness Training You Might Find Interesting