Sentrytex ROI calculator · math sourced from research/breach-cost-data.md

What does a faster security alert save you?

The math below blends three numbers: the IBM 2025 average breach cost for your industry, the Verizon DBIR 2025 share of breaches that start with a published vulnerability, and the IBM-measured cost reduction from cutting a breach's lifecycle short. Adjust the inputs to see how Sentrytex changes your expected loss.


Per-incident value when an advisory-vector breach lands

Up to $10.13M saved

If your team patches before the exploit window: Sentrytex's sub-hour CVE/advisory alert lets you act on the published vulnerability before an attacker reaches you. Full averted breach cost: the IBM-baseline $10.13M doesn't happen.

Or $2.53M saved

If the breach starts but Sentrytex compresses the lifecycle: IBM 2025 measures a ~25% cost reduction when breaches are detected and contained faster. Same baseline ($10.13M), shorter dwell time.

For the Team plan at $29/mo ($348/yr), the per-incident return is 7,275× on detection, up to 29,100× on a fully-averted incident.

Or, in expected-value terms

$232.9K / yr conservative annualized

Probability-weighted: 9.2% chance of an advisory-vector breach in any given year × $2.53M reduction = about $232.9K of expected loss avoided per year.

How both numbers are calculated

Industry baseline. IBM 2025 Cost of a Data Breach: $10.13M per incident for your industry × region × org-size profile (small-business multiplier 0.85, mid-market 1.0, enterprise 1.25; IBM 2024 by-org-size data). Includes detection, escalation, notification, post-breach response, and lost business. Does not include reputational damage, class-action settlements, or regulatory fines beyond a blended industry average.

Two outcome paths Sentrytex enables. When the alert lands, the org gets one of two outcomes:

  • Averted: a patch ships before the exploit reaches them. Full $10.13M avoided.
  • Detection-faster: the breach starts but Sentrytex compresses the lifecycle. IBM 2024 measured ~20% lower cost for breaches contained in <200 days; we credit 25% for sub-hour awareness. Saves $2.53M of the baseline.

Sentrytex's addressable share. Verizon DBIR 2025 attributes ~20% of breaches to a published vulnerability or vendor-advisory entry vector. Mandiant 2024 reports ~33%; we use the lower number. Outside this slice (phishing, stolen creds, insider misuse), Sentrytex claims zero benefit.

Annual probability of an advisory-vector incident: 46% × 20% = 9.2%.
Conservative annualized (detection-only path): $2.53M × 9.2% ≈ $232.9K/yr.

Why the annualized figure stays conservative. Whether an alert leads to "averted" or only "detection-faster" depends on whether a patch was available AND whether your team acts inside the exploit window. Both are user-team variables, not Sentrytex-controlled. We hold the annualized figure on the conservative detection-only path so we don't over-claim. The averted-cost number is correctly framed as "up to", i.e. the best-case outcome.

What Sentrytex does not claim to do. Sentrytex does not prevent phishing, stolen credentials, insider misuse, or social engineering. It does not eliminate any specific regulatory fine; it only buys time-to-aware to comply with disclosure clocks. Real outcomes vary; this is a model, not a guarantee.

Plus: regulatory disclosure exposures (not in IBM's baseline)

Mandatory notification clocks are a separate exposure. Sentrytex's <60-minute alerts buy you the time to comply; we don't claim to eliminate the underlying fine risk.

GDPR Art. 33 (EU/UK)

Clock: 72 hours from awareness

Notification of personal-data breach to supervisory authority

Statutory cap: €10M or 2% of global annual turnover (Art. 83(4))

Enforced: Twitter (now X) — €450K, Irish DPC, Dec 2020, late notification · Regulation (EU) 2016/679

SEC Item 1.05 (US public companies)

Clock: 4 business days from materiality determination

Form 8-K disclosure of material cybersecurity incidents

Statutory cap: Civil penalties + private securities-fraud exposure

Enforced: R.R. Donnelley & Sons — $2.125M settlement, Jun 2024 · Yahoo (Altaba) — $35M, Apr 2018 · 17 CFR §229.106 (in force Dec 2023)

HIPAA Breach Notification (US healthcare)

Clock: 60 days from discovery

Notification to HHS, affected individuals, sometimes media

Statutory cap: Up to $1.5M / yr per identical-violation tier

Enforced: Anthem — $115M class settlement + $39.5M state-AGs (2017–2020) · 45 CFR §164.404–410 (HITECH Act 2009)

State AGs (US, ex. SHIELD Act)

Clock: Varies (often 30–60 days, sometimes “without unreasonable delay”)

Multi-state breach-notification statutes

Statutory cap: Per-record civil penalties; multi-state coalitions stack

Enforced: T-Mobile — $350M class + $315M FCC consent decree (2022/2024) · NY GBL §899-aa, CA Civ. Code §1798.82, etc.

Return on the Team plan

Per-incident return: 7,275×
Net expected-value annual savings (after Sentrytex cost): $232.6K
Payback period (expected-value): 1 day
3-year NPV @ 10% discount: $578.4K

Probability of a 12-month material incident: 46% (smb). Industry baseline cost (incl. downtime, if entered): $10.13M.

When this kind of breach lands

Three landmark breaches whose entry vector was a published vulnerability or known misconfiguration that a continuous monitor could have surfaced. We do not claim Sentrytex would have prevented these specific breaches. We cannot know that. We do claim that each started with a signal of the kind Sentrytex ingests every 30 minutes.

Equifax · 2017

$1.4B+ settlements + $700M FTC/states (2019)

Trigger: Apache Struts CVE-2017-5638, unpatched ~2 months after public disclosure

What a feed would have surfaced: CVE-2017-5638 published Mar 6, 2017; Equifax breach began ~mid-May 2017. A CVE/KEV feed would have surfaced the advisory within hours.

Apache Software Foundation post-mortem, ASF news 2017

Capital One · 2019

$190M class settlement + $80M OCC fine

Trigger: Misconfigured WAF + S3 metadata-service abuse (SSRF)

What a feed would have surfaced: SSRF advisory patterns + AWS WAF misconfig signatures were public CVE/KB territory at the time.

ACM TOPS systematic analysis (Sep 2022); OCC Consent Order 2020-036

Change Healthcare (UnitedHealth) · 2024

$2.87B Q1 disclosed cost; analyst projections $5B+ all-in

Trigger: Citrix gateway lacking MFA → ALPHV/BlackCat ransomware

What a feed would have surfaced: Citrix MFA/auth-bypass advisories had been public for months; vendor RSS plus CVE attribution would have surfaced the gap.

UnitedHealth 10-Q Q1 2024

How the math works

  1. Baseline breach cost. Pulled from IBM's 2025 Cost of a Data Breach report by industry. Healthcare runs $9.77M; financial services $6.08M; technology $5.18M; the global average is $4.44M. We multiply by a regional factor (US 2.30×, EU/UK 0.95×, rest 0.65×) reflecting IBM's regional splits.
  2. Annual probability. DBIR 2025 cohort data plus the IBM survey overlay puts a 12-month material-incident rate at ~46% for SMBs (1–250), ~65% for mid-market (251–5,000), and ~83% for enterprises (5,000+). We use the midpoint of each band.
  3. Advisory-vector share. DBIR 2025 reports ~20% of breaches start with a published vulnerability. Mandiant 2024 reports ~33%. We use the lower number to keep the savings conservative.
  4. Cost reduction inside that slice. IBM 2024 measured a ~20% cost reduction when breaches were contained in under 200 days. Sentrytex compresses that to hours by surfacing CVEs and vendor advisories on publication, so we credit a 25% cost reduction inside the advisory slice.
  5. Outside that slice. We claim no benefit. A breach driven by a phishing email or stolen credential isn't something a vulnerability monitor can prevent; a tool that promises to is overclaiming.
  6. NPV horizon. 3 years at a 10% discount rate, applied to (gross savings − Sentrytex cost).
  7. EPSS-driven dispatch. We promote alerts to immediate-dispatch when EPSS predicts ≥10% probability of exploitation in the next 30 days, OR the CVE sits in the top 5% of EPSS percentile. This captures ~82% of actually-exploited CVEs while only flagging ~7% of the catalog (FIRST EPSS v4 benchmarks, 2025). Without EPSS, hitting that 82% capture rate via CVSS-only scoring would require flagging ~58% of the catalog (8× the noise).

Full citations live in research/breach-cost-data.md (71 footnoted sources, 6.4K words). Numbers refresh annually when IBM and Verizon publish new editions.
EPSS data: https://www.first.org/epss/data_stats and model card at https://www.first.org/epss/model.
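The expected-value model described under "How both numbers are calculated" and in steps 1–7 above, carried through in Python as an added worked example (this is not Sentrytex's calculator code). Every constant comes from the page; the displayed $10.13M baseline and 46% probability are what the page's own tables produce for a technology / US / SMB profile, and the EPSS thresholds in `should_dispatch` are the step-7 rule.

```python
# Added worked example of the page's ROI model; not Sentrytex's own code.
from math import ceil

# Inputs as stated on the page (IBM 2025 / DBIR 2025 figures, USD)
INDUSTRY_COST = {"healthcare": 9.77e6, "financial": 6.08e6,
                 "technology": 5.18e6, "global": 4.44e6}
REGION_FACTOR = {"us": 2.30, "eu_uk": 0.95, "rest": 0.65}
ORG_SIZE_FACTOR = {"smb": 0.85, "mid": 1.0, "enterprise": 1.25}
INCIDENT_PROB = {"smb": 0.46, "mid": 0.65, "enterprise": 0.83}  # 12-month material incident
ADVISORY_SHARE = 0.20        # DBIR 2025: breaches starting with a published vulnerability
DETECTION_REDUCTION = 0.25   # lifecycle-compression saving credited inside that slice
TEAM_PLAN_ANNUAL = 348       # Team plan, $29/mo
DISCOUNT_RATE, NPV_YEARS = 0.10, 3


def baseline_cost(industry="technology", region="us", org="smb"):
    """IBM industry figure scaled by the page's region and org-size multipliers."""
    return INDUSTRY_COST[industry] * REGION_FACTOR[region] * ORG_SIZE_FACTOR[org]


def per_incident_saving(baseline, averted=False):
    """Averted path saves the whole baseline; detection-faster path saves 25% of it."""
    return baseline if averted else baseline * DETECTION_REDUCTION


def annual_expected_saving(baseline, org="smb"):
    """Conservative annualized figure: only the detection-faster path is credited."""
    p_advisory_breach = INCIDENT_PROB[org] * ADVISORY_SHARE  # smb: 0.46 * 0.20 = 0.092
    return p_advisory_breach * per_incident_saving(baseline)


def per_incident_return(baseline, averted=False, plan_cost=TEAM_PLAN_ANNUAL):
    """Saving on one incident divided by a year of the plan (the page's 'x' figure)."""
    return per_incident_saving(baseline, averted) / plan_cost


def payback_days(baseline, org="smb", plan_cost=TEAM_PLAN_ANNUAL):
    """Whole days until expected savings cover a year of the plan."""
    return ceil(plan_cost / (annual_expected_saving(baseline, org) / 365))


def three_year_npv(baseline, org="smb", plan_cost=TEAM_PLAN_ANNUAL):
    """NPV of (gross expected saving - plan cost) over NPV_YEARS at DISCOUNT_RATE."""
    net = annual_expected_saving(baseline, org) - plan_cost
    return sum(net / (1 + DISCOUNT_RATE) ** t for t in range(1, NPV_YEARS + 1))


def should_dispatch(epss_probability, epss_percentile):
    """Step-7 rule: immediate dispatch when EPSS >= 10% in 30 days OR top-5% percentile."""
    return epss_probability >= 0.10 or epss_percentile >= 0.95


if __name__ == "__main__":
    b = baseline_cost()  # technology x US x SMB reproduces the page's $10.13M
    print(f"baseline ${b/1e6:.2f}M, annual EV ${annual_expected_saving(b)/1e3:.1f}K, "
          f"return {per_incident_return(b):,.0f}x, 3y NPV ${three_year_npv(b)/1e3:.1f}K")
```

Changing `org` to `"enterprise"` or `averted=True` shows how the headline figures move with the two variables the page says are outside Sentrytex's control.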

What this calculator does not include

  • Reputational damage / multi-year customer churn: typically the largest cost in published case studies, but unique to each business.
  • Class-action settlements (T-Mobile $350M, Equifax $1.4B+): the IBM baseline includes typical regulatory exposure but underweights tail-risk litigation.
  • SEC enforcement on public companies (Yahoo $35M, R.R. Donnelley $2.1M): applies only to listed entities.
  • Personal liability for the security executive (Joe Sullivan, ex-Uber CSO, two felony convictions, 3-year probation): a real but unquantifiable risk in 2026.