// DAMAGE_CALCULATOR.v2

How We Calculate the Damage

Official figures — fines, settlements, write-downs — are the floor, not the ceiling. Every outage, breach, and collapse sends shockwaves through every company, customer, and market that depended on it. We estimate total societal cost.

01. The Formula

T = D + B + M + R

D: Direct Losses

Government fines, class-action settlements, product write-downs, legal fees, and direct revenue lost during the incident window.

B: Downstream Business Costs

Every company that depended on the failed service lost revenue too. We multiply affected businesses by industry-standard downtime benchmarks — or apply per-record costs for breaches.

M: Market Losses

For public companies: stock price drop × shares outstanding within 30 days of the event. For crypto: total market cap evaporation in affected tokens.

R: Recovery Overhead

Incident response, forensics, credit monitoring (~$20/affected person for breaches), regulatory compliance remediation, and estimated customer churn from reputational damage.

02. Downstream Business Benchmarks

When AWS goes down, every startup on AWS goes down with it. When a critical library has a zero-day, every company using it faces emergency response costs. We use these published benchmarks to estimate B:

Infrastructure Outage — Cost per Hour by Company Size

| Company Size | US $/hour | Global avg $/hour | Source |
|---|---|---|---|
| Enterprise (>1,000 employees) | ~$540,000 | ~$280,000 | Gartner, 2024 |
| Mid-size (100–999 employees) | ~$91,000 | ~$47,000 | ITIC Annual Survey |
| Small (<100 employees) | ~$8,600 | ~$4,500 | ITIC Annual Survey |

Data Breach — Cost per Compromised Record

| Region | Per record | Includes | Source |
|---|---|---|---|
| United States | $165 | Detection, notification, legal, productivity loss | IBM CODB Report 2024 |
| Global average | $105 | Detection, notification, legal, productivity loss | IBM CODB Report 2024 |
| EU (GDPR territory) | ~€120 | + GDPR fine component | ENISA / Ponemon 2023 |

For global outages we weight by each affected country's GDP share. Not every affected company is enterprise-scale, so we apply mid-size benchmarks as a conservative default unless the incident specifically targeted large enterprises.
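The benchmark arithmetic for B and the T = D + B + M + R sum, as an added example that is not the site's own code. The rates are copied from the two tables above; the function names, the size-mix input and the choice to skip unknown components are assumptions made for illustration.

```python
# Benchmarks from the tables above: $/hour as (US, global average).
OUTAGE_RATE = {
    "enterprise": (540_000, 280_000),
    "mid": (91_000, 47_000),
    "small": (8_600, 4_500),
}
# $ per compromised record; the EU row is in euros and is left out here.
BREACH_PER_RECORD = {"us": 165, "global": 105}
CREDIT_MONITORING = 20  # $ per affected person, one part of R


def downstream_outage(hours, companies, region="global"):
    """B for an outage. `companies` maps size -> count of affected firms.
    A size of None (unknown) uses the mid-size rate, the conservative
    default described above."""
    col = 0 if region == "us" else 1
    total = 0
    for size, count in companies.items():
        total += count * OUTAGE_RATE[size or "mid"][col] * hours
    return total


def downstream_breach(records, region="global"):
    """B for a breach: compromised records x per-record cost."""
    return records * BREACH_PER_RECORD[region]


def total_cost(direct, downstream, market, recovery):
    """T = D + B + M + R. A component with no reliable data is None and
    is skipped (assumption), so T stays a lower bound; if every
    component is unknown the result is None rather than 0."""
    known = [c for c in (direct, downstream, market, recovery) if c is not None]
    return sum(known) if known else None


if __name__ == "__main__":
    # Constructed incident: 3-hour outage, 10 firms of unknown size.
    mix = {"enterprise": 2, None: 10, "small": 100}
    print("B outage (global):", downstream_outage(3, mix))
    # Constructed breach: 1M US records, private company (no M figure).
    b = downstream_breach(1_000_000, "us")
    r = 1_000_000 * CREDIT_MONITORING
    print("T breach:", total_cost(5_000_000, b, None, r))
```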

03. Proxy Estimation Models

When no audit trail, settlement record, or disclosed revenue figure exists — cancelled products, near-misses, fatal accidents, or incidents predating modern disclosure requirements — we apply one of four proxy models. Modelled values are conservative lower bounds and are clearly distinguishable from cited figures in the Incident Explorer.

Model A — User Productivity Loss (UPL)

Applied to service outages with a known user count and measurable downtime window.

UPL = N_users × T_hours × W_avg × 0.5

| Variable | Value | Basis |
|---|---|---|
| W_avg — knowledge workers, global median | $27 / hr | ILO Global Wage Report 2023 |
| W_dev — software developers, global median | $65 / hr | Stack Overflow Developer Survey 2024 |
| Productivity factor (0.5) | 50 % | Partial disruption assumed; not all users were fully blocked |

Model B — Sunk Cost Proxy (SCP)

Applied to cancelled products and shut-down services where engineering investment is known but no revenue figure exists.

SCP = team × months × $12,000

$12,000 / person / month = average loaded cost (salary + employer taxes + benefits + tooling) for a technology employee globally. Source: Radford Global Tech Compensation Survey, 2024.

Model C — Statistical Value of Life (SVL)

Applied to incidents where software or engineering failure directly caused fatalities or serious physical injury.

SVL = N_fatal × $12.5M + N_injured × $1.25M

$12.5M = US Department of Transportation Value of Statistical Life (VSL), 2024 dollars, inflation-adjusted from the 2022 guidance of $11.6M. Serious injury is valued at 10 % of VSL per standard actuarial practice. Where known settlements exist, the higher figure is used.

Model D — Averted Cost Estimate (ACE)

Applied to near-misses where a vulnerability was discovered before full exploitation. Estimates the collective remediation cost already incurred across affected systems — not hypothetical future damage.

ACE = N_systems × T_response × W_eng

N_systems = number of affected installations that required emergency patching or auditing. T_response = average engineer-hours per system for triage, patch deployment, and verification. W_eng = $65/hr.

Model E — Dynastic Value Loss (DVL)

Applied to historical incidents (before ~1974, G ≥ 2 generations) with documented fatalities. Estimates the cumulative lifetime economic output of all descendants who were never born as a direct consequence of the failure. DVL is never added to valueBurned — it is displayed separately on article pages to avoid distorting cross-incident comparisons.

DVL = N_fatal × R^G × V_econ

| Variable | Value | Basis |
|---|---|---|
| R — net reproduction rate | 1.2 | Conservative surviving-adult rate for pre-modern populations; accounts for child mortality and family size |
| G — generations elapsed | (2024 − year) ÷ 25 | 25 years per generation (WHO/UN standard) |
| V_econ — lifetime economic output | $2,160,000 | $27/hr (ILO global median) × 2,000 hr/yr × 40 working years |

A person who died in 1284 has approximately 1.2^29.6 ≈ 218 descendants alive today. Their combined economic output dwarfs most direct damage figures — which is precisely why DVL is displayed as a supplementary callout rather than a primary metric. When DVL exceeds twice the primary estimate, this is noted explicitly on the article page.

Modelled values in the Incident Explorer and on article pages are produced by one of these models. All other figures are cited from public filings, court records, or company disclosures.
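The five proxy models written out as functions, as an added example that is not the site's own code. The constants come from the model descriptions above; the function names, argument names and the shape of the DVL result are assumptions.

```python
W_AVG, W_ENG = 27, 65          # $/hr, from Models A and D above
VSL, INJURY = 12_500_000, 1_250_000   # $ per fatality / serious injury
V_ECON = 2_160_000             # $27/hr x 2,000 hr/yr x 40 working years


def upl(n_users, t_hours, wage=W_AVG):
    """Model A: 0.5 is the partial-disruption productivity factor."""
    return n_users * t_hours * wage * 0.5


def scp(team, months):
    """Model B: $12,000 loaded cost per person per month."""
    return team * months * 12_000


def svl(n_fatal, n_injured, known_settlement=None):
    """Model C: where a known settlement exists, the higher figure wins."""
    modelled = n_fatal * VSL + n_injured * INJURY
    return max(modelled, known_settlement or 0)


def ace(n_systems, t_response_hours):
    """Model D: remediation effort already spent across affected
    systems, not hypothetical future damage."""
    return n_systems * t_response_hours * W_ENG


def dvl(n_fatal, year, primary_estimate, r=1.2, ref_year=2024):
    """Model E: reported on its own and never added to the primary
    estimate. Returns None when fewer than 2 generations have elapsed."""
    g = (ref_year - year) / 25
    if g < 2:
        return None
    value = n_fatal * r ** g * V_ECON
    return {"generations": g, "dvl": value,
            "exceeds_twice_primary": value > 2 * primary_estimate}


if __name__ == "__main__":
    # Constructed near-miss: 20,000 installations, 6 engineer-hours each.
    print("ACE:", ace(20_000, 6))
    # Constructed historical incident: 10 fatalities in 1974.
    primary = svl(10, 0)
    print("SVL:", primary, "DVL:", dvl(10, 1974, primary))
```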

04. Severity Rating

Every incident is rated on a five-point severity scale. The rating reflects the combination of financial damage, number of people affected, breadth of systemic impact, and duration of the disruption — not any single factor alone.

1 — Limited

Localised failure with modest financial impact and a narrow user base affected. Full recovery within hours. No lasting systemic consequences.

2 — Notable

Significant disruption to a single company or service. Measurable financial damage, hundreds of thousands of users affected, or a meaningful regulatory response.

3 — Serious

Major failure with multi-million dollar damage, millions of users or records affected, or cascading impact across dependent services and sectors.

4 — Severe

Industry-wide or national-scale disruption. Hundreds of millions of dollars in damage, tens of millions of users affected, or critical infrastructure degraded.

5 — Catastrophic

Civilisation-scale or multi-billion dollar impact. Critical infrastructure failure across multiple countries, loss of life, or irreversible systemic damage. Marked Major in the archive.

05. Global Impact Map

Each bubble marks the headquarters of the company at the center of the failure. Bubble size scales with estimated total damage. Click any bubble to open the full incident report.


06. Incident Explorer

Columns: Incident, Year, Category, Est. Damage, Affected Users, Country

07. Caveats & Notes

For organisation frequency rankings and damage concentration statistics, see By The Numbers →

  • All figures are estimates and represent lower bounds, not audited totals.
  • Direct costs (fines, settlements) are cited from public court filings, regulatory orders, and company disclosures.
  • Downstream costs use published industry benchmarks as proxies — actual impact varies by customer mix.
  • Pre-modern incidents (before ~1900) use purchasing-power parity (PPP) conversion rather than simple CPI. For 17th–18th century events we use the Bank of England long-run CPI series; for medieval figures we use construction-cost equivalents. These conversions carry high uncertainty — treat them as order-of-magnitude estimates only.
  • Where reliable data is unavailable, we use null rather than speculating.
  • Bubble coordinates mark company HQ at time of incident — not necessarily where the failure originated.
  • Sources: Gartner 2024, ITIC Annual Reliability Survey, IBM Cost of Data Breach Report 2024.