METHODOLOGY & SOURCES
Base cost: Construction sector breach average of $5.9M draws from IBM Cost of a Data Breach Report 2024 professional services data, adjusted for construction-specific risk factors including BEC exposure, bonding impact, and subcontractor data liability. Calculator scales from that baseline using revenue, work type, security posture, and wire volume.
BEC wire fraud: FBI IC3 Business Email Compromise Report 2023 reports construction as one of the highest-exposure industries, with average losses of $300,000+ per incident. Wire volume multiplier reflects the direct financial exposure of monthly transaction volume.
Cost breakdown: IBM 2024 attributes ~38% to lost business and client trust, ~27% to detection/response, ~20% to legal and contract penalties (including owner claims and liquidated damages), and ~15% to notification and fraud recovery costs.
Downtime: Statista and Coveware report an industry average of 24 days of operational downtime following a ransomware attack. For construction, project management and estimating software recovery adds timeline exposure beyond standard IT restoration.
Client churn: Ponemon Institute Consumer Aftermath Study: 70% of organizations would reconsider supplier relationships after a breach. For construction, the trust damage extends to owners, sureties, and subcontractors — each representing significant revenue concentration risk.
Disclaimer: Estimates are for planning purposes only. Actual costs vary by incident type, jurisdiction, and firm-specific factors. Consult a qualified cybersecurity professional for a firm-specific assessment.
Sources: IBM Cost of a Data Breach Report 2024 • FBI IC3 Business Email Compromise Report 2023 • Ponemon Institute Consumer Aftermath Study • Statista / Coveware Ransomware Benchmarks 2024