Tax implications of data breaches – all you need to know

Tax implications of data breaches – all you need to know

Cybersecurity is one of the most pressing concerns for business owners, as data loss can disrupt daily operations, putting a stain on the company’s reputation. However, data loss expenses may be tax-deductible, thus, companies should consult with a tax professional to learn more about it. For example, businesses may be able to take advantage of tax deductions for investments made in cybersecurity. This can include expenses related to purchasing and implementing cybersecurity software and hardware and the cost of training employees on the best cybersecurity practices. Moreover, ventures engaging in research and development related to cybersecurity may be eligible for a tax credit as well. Since tax laws can change over time, it’s advisable to stay updated on this aspect.

What is a data breach, and what are its consequences?

A data breach is an unauthorised access, disclosure, use, modification or destruction of data and can occur in several ways, such as:
  • Hacking: attackers use different techniques to gain unauthorised access to a computer system or network and steal or manipulate data;
  • Malware: attackers use malicious software to infect a device;
  • Phishing: bad actors adopt social engineering tactics to trick individuals into revealing sensitive information, like login credentials or personal data;
  • Insider threats: an employee or contractor with access to sensitive data misuses the data intentionally or unintentionally.


A data breach can result in the loss or theft of sensitive information like personal, financial, or confidential business information.
It has severe consequences for organisations, including financial losses, legal and regulatory penalties, and damage to reputation and customer trust.
Employees and customers can also suffer considerable damage if their data gets compromised.
For example, identity theft enables hackers to use valuable information like addresses, phone numbers, and Social Security numbers for malicious purposes.
They can sell the data to third parties, commit fraud and make online purchases.
When such a thing happens, customers may receive fraudulent invoices or bills.

Sometimes, in the aftermath of a data breach, victims may file a lawsuit against the organisation responsible for the incident by claiming that it failed to protect their data properly.
You can learn more about this at Can I Claim GDPR Compensation For Distress? in the UK.
Suppose a customer is one of the victims; they may not want to use a company’s services again, which could negatively impact future sales.
Not to mention that legal fees can accumulate quickly if you face various claims.

Are cybersecurity breaches deductible?

Cybersecurity breaches costs differ based on several factors like:

  • The industry;
  • The type of stolen information;
  • How bad actors gained access to the data;
  • How fast the breach was discovered;
  • How the data was further used.


Cybersecurity breaches can be more costly than it is believed, and that’s because they can increase months or years after the incident happens.
But it doesn’t really matter how much a data breach costs, considering its significant impact on companies’ operations.
This is probably evident, but the most effective way to manage a data breach is to prevent it from occurring in the first place.
Even if the perfect data loss prevention policy doesn’t exist, aiming for a good one is still worth the cost.
However, data breach prevention methods like encryption technology and data theft detection software are deductible for federal and state income tax purposes.

The costs associated with a data breach are also tax-deductible because they are considered necessary expenses.
This includes ransom payments made in response to ransomware attacks, as those payments are considered theft by extortion; hence, they are deductible if the extortion was illegal in the state where it happened.
However, it’s worth noting that costs covered by insurance are not deductible.
This means that if a business has cybersecurity insurance, and the insurer reimburses it for some of the costs associated with the breach– or for all of them- the business can’t claim a tax deduction for the expenses.

Businesses should understand the terms of their cybersecurity insurance policy and keep accurate records of their losses to maximise their tax deductions.
Moreover, they should work closely with a tax professional or their insurance provider to determine the deductible costs associated with a data breach and, thus, ensure they are claiming the maximum tax deductions available to them.

Finding the silver lining in a troubling situation

While no business would ever want to experience a data breach, everyone is at risk of becoming a victim.
Implementing effective cybersecurity measures is a smart way to prevent potential threats.
For example, investing in cybersecurity software can help mitigate the risk of a data breach by monitoring network traffic and alerting users if something is not right.
However, it’s vital to look for cybersecurity software that best aligns with your business needs.
While some companies provide free versions of programs, others require a monthly subscription fee.
Strong passwords are also vital when it comes to keeping your data safe, as hackers can use sophisticated tools to break into your accounts, leaving your data compromised.

Even if your password is good, that may not guarantee your account is protected.
Using 2FA is an extra security measure, as users must enter a code they get via email or phone to log in.
Businesses must always stay vigilant, as it is hard to predict when a hacker may try to get their hands on sensitive data.
Hence, it’s vital to monitor systems frequently and identify possible signs of hacking attempts.
Data breaches can still occur even when using the best software, so it’s imperative to have a backup plan if you experience such an incident.
This is a great way to ensure valuable information won’t be lost.

Despite having good preventive measures in place, you can still suffer the consequences of a data breach, but knowing that tax law offers a deduction for your losses can put your mind at ease.
After all, it can be truly hard to get back on track after a data breach, and many times, a significant percentage of SMBs close within six months following the event.
\his can be genuinely devastating for business owners, but it doesn’t have to be the case for you, so make sure to reach out to a tax professional for further information on tax deduction.