Glossary
Data breach
An incident where confidential data is accessed or stolen by an unauthorized party, triggering forensics, legal and notification obligations.
A data breach is any unauthorized access to or exfiltration of data you were supposed to protect. The bill is mostly forensics, legal counsel and notification, not a tidy per-record figure. Claims data from insurers shows that total cost tracks revenue, not the number of records lost, so multiplying your database size by a headline per-record number gives a wildly wrong answer.
In the EU and UK a reportable breach brings GDPR exposure, though the 4% headline fine is a ceiling, not an expectation. The thing that genuinely raises the cost is failing to report.