Breach Cost Estimation

Every finding and attack chain in cloud-audit includes an estimated financial risk range based on published breach data.

Sources

All cost estimates link to their primary source:

How It Works

Each check has a cost range (low/high USD) in the cost model. Attack chains use a compound risk multiplier of 2.5x because chained vulnerabilities have higher impact than individual findings.

+---- Health Score ----+
|  42 / 100            |   Risk exposure: $725K - $7.3M
+----------------------+

Individual findings show per-finding cost. Attack chains show per-chain cost with the compound multiplier applied. The total risk exposure is capped at $10M and avoids double-counting findings that appear in both individual and chain results.
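The aggregation described above, as an added example that is not cloud-audit's own code: it applies the 2.5x chain multiplier, counts each finding once, and caps the total at $10M. How a chain's range is derived from its members and how overlaps are resolved are assumptions, and the check ids and dollar ranges are constructed.

```python
from dataclasses import dataclass

CHAIN_MULTIPLIER = 2.5       # compound multiplier stated on this page
EXPOSURE_CAP = 10_000_000    # total exposure cap in USD stated on this page

@dataclass(frozen=True)
class Finding:
    check_id: str  # constructed id, not a real cloud-audit check
    low: int       # low end of the cost range, USD
    high: int      # high end of the cost range, USD

def chain_cost(members):
    """Assumption: a chain's range is 2.5x the summed ranges of its members."""
    low = sum(f.low for f in members) * CHAIN_MULTIPLIER
    high = sum(f.high for f in members) * CHAIN_MULTIPLIER
    return int(low), int(high)

def total_exposure(findings, chains):
    """Count every finding once, then cap both ends of the total range."""
    by_id = {f.check_id: f for f in findings}
    counted = set()
    low = high = 0
    for chain in chains:
        # A finding already priced in an earlier chain is not priced again.
        fresh = [by_id[c] for c in dict.fromkeys(chain) if c not in counted]
        counted.update(chain)
        chain_low, chain_high = chain_cost(fresh)
        low, high = low + chain_low, high + chain_high
    for f in findings:
        # Findings that are part of a chain are excluded from the individual sum.
        if f.check_id not in counted:
            low, high = low + f.low, high + f.high
    return min(low, EXPOSURE_CAP), min(high, EXPOSURE_CAP)

# Constructed sample data.
FINDINGS = [
    Finding("example-check-1", 50_000, 500_000),
    Finding("example-check-2", 100_000, 1_000_000),
    Finding("example-check-3", 20_000, 200_000),
    Finding("example-check-4", 10_000, 100_000),
]
CHAINS = [["example-check-3", "example-check-2"],
          ["example-check-2", "example-check-1"]]

if __name__ == "__main__":
    low, high = total_exposure(FINDINGS, CHAINS)
    print(f"Risk exposure: ${low:,} - ${high:,}")
```

Without the deduplication step, `example-check-2` would be priced in both chains and the total would overstate the exposure.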

In Reports

  • CLI: Risk column next to each finding
  • HTML report: Red risk panel with source links
  • JSON output: Full CostEstimateData model with rationale and source URLs
  • Markdown: Clickable source links per finding

Verification

Every cost estimate includes a source_url field. The source pages were verified via WebFetch during development. If a source link becomes stale, please open an issue.