Breaches have a different impact: security, reputational and economical, in that order.
Firstly the security of the breached company is compromised, the company has to identify the source of the breach, fix the issue, etc. Then there is a reputational impact when the data breach is made public. Finally, the economic impact is very difficult to measure it depends on different things, the company size, the information that was compromised, the number of exposed records, the freshness, etc
From my experience, it can vary from few millions up to hundreds of millions just like what happened with the Yahoo Breach (https://www.ft.com/content/ed743ace-f3a9-11e6-8758-6876151821a6)
Moral: It is cheaper invest in cybersecurity before a data breach happen
The average cost of a data breach is $4 million, and the average cost per record breached is $158. These costs are on the rise and can vary widely based on the industry in which the data breach occurred. Medical data is considerably more expensive to clean up, clocking in a $355 per record breached. The cost of remedying data breaches per industry include: $355 per healthcare record $246 per education record $129 per transportation record $112 per research record $80 per public sector record Even if you are not directly responsible for a data breach, you are responsible for those you hire to do work for you including the people who rent you your fax machines and send your patient's appointment reminder postcards. Taking necessary precautions can mean the difference between thriving or going out of business.