[CONTENT]
$
USD
Total Economic Impact
Cost Savings And Business Benefits Enabled By Relativity Data Breach Response (DBR)
A Forrester New Technology Projected Total Economic Impact Study Commissioned By Relativity, September 2025
Total Economic Impact
A Forrester New Technology Projected Total Economic Impact Study Commissioned By Relativity, September 2025
In 2024, organization experienced 2.8 breaches on average and incurred $3.4 million in total cumulative costs.1 Legal service providers (LSPs) and law firms are working with breached organizations to meet regulatory requirements and deliver data breach responses projects. With the help of the Relativity Data Breach Response (DBR) solution, LSPs and law firms can accelerate the process from end to end, including data ingestion, data review and linking, and report generation. DBR uses genAI to automate the identification of impacted data, streamline notification workflows, and reduce review costs.
Relativity DBR is a cloud-based solution within the RelativityOne platform designed to help organizations manage data breach incidents. It leverages artificial intelligence and machine learning, and recently added genAI, to automate the identification of sensitive personal and health information (PI/PHI) within large volumes of data, reducing the time and costs associated with manual review. DBR enables the impact assessment by identifying impacted individuals and data types and supporting timely regulatory reporting and notification obligations. The platform integrates with existing workflows, offering tools for ingestion, review, and project management to ensure operational continuity. By streamlining breach response processes and improving accuracy, DBR helps organizations mitigate legal and reputational risks while maintaining compliance with data protection regulations.
Relativity commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying DBR.2 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of DBR on their organizations.
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed nine decision-makers from eight organizations with experience using DBR. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization which is a legal service provider with global operations. The annual breached data volume for the composite organization is 30 TB with 60 cyber incident projects.
Interviewees said that prior to using DBR, their legal service providers or law firms were forced to rely on manual and labor-intensive processes for cyber incident projects. The reviewers were easily burned out and had low morale. The tools they used gave them a high volume of false positives, and the data migration across different platforms caused inefficiencies.
After the investment in DBR, interviewees’ organizations reported high-level investment results including cost savings, improved operational efficiency, and enhanced scalability. DBR’s AI-driven automation reduced manual review workloads, allowing teams to process more documents with fewer resources. Reviewers experienced faster throughput and improved accuracy, while entity deduplication and structured data handling streamlined reporting. DBR’s integration within RelativityOne eliminated data migration risks and enabled faster response times, helping the interviewees’ organizations win more competitive bids and manage larger breach cases with confidence and lower risk.
Quantified projected benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
Improved reviewers’ efficiency and eliminated manual tasks worth up to $10.5 million. With Relativity DBR, reviewers at the composite save 60% of time on document reviewing due in part to the false positive rate dropping by 10% to 20%. Using DBR accelerates PI/PHI detection and entity linking at the composite, allowing it to experience an improvement in speed, accuracy, and reviewer efficiency with the deployment of Relativity DBR.
Saved up to $1.9 million in the QC process. For the projected high range, the QC rate drops from 4% to 2%, which saves time on QC process. Relativity DBR enables the composite organization to start the QC process earlier and the comprehensive dashboard provides better oversight to the data mining process with an initial impact assessment. It catches errors earlier, reduces manual rework, and improves overall review accuracy.
Saved as much as 60% of time on data ingestion. Compared to its legacy tools, the composite organization accelerates data ingestion through a combination of automation, improved data processing, and culling workflows with RelativityOne and Relativity DBR. In Year 3, the composite organization saves up to 288 working hours on data ingestion.
Saved up to 45% of time on entity report generation Relativity DBR generates the report at the start of the project, and it is incrementally updated throughout to produce a final entity report faster for the composite organization with granular details like linkage back to the entity records in each document. The composite organization experiences an expedited deduplication process and faster entity report generation worth $52,000 over three years.
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Improved employee experience and morale. Reviewers at the composite previously faced tedious, repetitive tasks that led to burnout and turnover. DBR streamlines their workflow, reducing manual effort and improving job satisfaction. With fewer clicks and less typing, accuracy improves and reviewers receive more positive feedback, contributing to a more efficient and rewarding work environment. The dashboard also provides holistic views to project managers in terms of workflow management.
Strategic flexibility and workflow control. Relativity is designed as a flexible platform with customizable workflows, and the DBR solution mirrors this approach, empowering the composite organization to use tailored cyber incident response workflows for each unique breach, replacing rigid processes with consultative, adaptive decision-making.
Enhanced collaboration and product influence. The composite’s ongoing collaboration with the DBR development team actively shapes product features through feedback and testing. Its input influences roadmap decisions and generative AI (genAI) capabilities and helps improve DBR’s performance, reinforcing its role as strategic partners in DBR’s evolution.
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
Consumption cost. As an application in the RelativityOne platform, Relativity DBR has a flexible consumption price model. The composite organization spends $5.1 million over three years based on the 30 TB annual data ingested into Relativity DBR.
Training cost. Generally, only light training is needed for the composite’s team members since RelativityOne is widely used internally already. The DBR module is easily adopted by team members. Over three years, the composite organization spends $13,800 on training.
Ongoing management. Team members at the composite organization consistently communicate with Relativity team members to discuss the solution and provide feedback. Over three years, it costs around $8,600 for the composite organization.
Forrester modeled a range of projected low-, medium-, and high-impact outcomes based on evaluated risk. This financial analysis projects that the composite organization accrues the following three-year net present value (NPV) for each scenario by enabling Relativity DBR:
Projected high impact of a $7.3 million NPV and projected ROI of 143%.
Projected medium impact of a $6.5 million NPV and projected ROI of 127%.
Projected low impact of a $5.1 million NPV and projected ROI of 100%.
Projected return on investment (PROI)
Projected benefits PV
Projected net present value (PNPV)
Total costs
| Role | Industry | Region | Number Of Employees |
|---|---|---|---|
| Cyber practice leader | Legal service provider | Based in the US, global operations | 1,500 |
| VP of e-discovery Principal of e-discovery and data management |
Professional services | Based in the US, global operations | 173,000 in the US |
| Associate director of e-discovery | Professional services | Global operations | 280,000 |
| Senior project manager | Professional services | Based in Canada, global operations | 16,000 in Canada |
| Head of e-discovery and litigation technology | Professional services | Based in the UK, global operations | 6,000 |
| Legal process engineer manager | Law firm | Based in the US, global operations | 5,000 |
| E-discovery consultant | Law firm | Based in the UK, global operations | 7,000 |
| VP of data mining | Legal service provider | Based in the US, global operations | 41,000 |
Before adopting Relativity DBR, interviewees’ organizations managing data breach incidents faced a range of operational, technical, and strategic challenges. These challenges were rooted in manual workflows, fragmented tool ecosystems, cost inefficiencies, and scalability limitations. The common challenges included:
Manual, labor-intensive workflows. The most pervasive challenge was the reliance on human reviewers to manually identify, extract, and link PI/PHI across large volumes of compromised data. This manual approach required hundreds of reviewers for large-scale incidents, often working offshore to manage costs. However, the sheer volume of data and the complexity of linking PI/PHI to individuals made the process inefficient and unsustainable. The VP of e-discovery at a professional services organization shared: “The process of extracting PI, even with visual aids, is a manual and labor-intensive process. It’s riddled with inconsistent data entry and requires lots of QC and data hygiene.”
Fragmented tool ecosystems and data movement risks. Prior to DBR, many interviewees’ organizations used a combination of tools to manage different stages of the breach response workflow. This often required moving sensitive data between platforms, which raised concerns about security, compliance, and operational efficiency. The legal process engineer manager at a law firm shared: “[Before DBR], we have to move data back and forth. If you have a terabyte of data, that can take hours and hours to move from one platform to another. If you only have to put it into Relativity once, that’s a huge boost.” The lack of integration between tools also introduced inefficiencies in metadata handling, control number mismatches, and additional reconciliation work. These issues compounded the complexity of already time-sensitive projects.
High resource demands and cost constraints. Interviewees noted cyber incident data mining is often paid for by a cyber insurer through the organization’s insurance policy, which imposes strict cost controls and competitive bidding processes. Law firms or LSPs had to balance the need for thorough review with the pressure to minimize expenses. The cyber practice leader at a legal service provider said: “You have to bid for the case. The insurance carriers usually get three bids. Even if you have the right technology mix, if you’re higher than everybody else, you’re just not going to win. So it’s ultra-competitive.” The cost structure was heavily skewed toward labor, with estimates suggesting that 60% to 75% of total project costs were attributed to document review. This created a strong incentive to find technological solutions that could reduce manual effort and improve margins.
Limited automation and scalability. According to interviewees, even when using advanced e-discovery platforms (including Relativity but not leveraging DBR), the absence of automation in key data breach response specific tasks — such as entity linking, deduplication, and specific PI/PHI detection — meant that it could only go so far before needing to have manual interventions and workarounds. The associate director of e-discovery at a professional services organization shared, “We developed our own custom-based application within Relativity [prior to using DBR] to capture entities … but you still need human efforts involved in the whole process.” Even with custom-built solutions, the process of identifying and linking PI/PHI remained largely manual. Reviewers had to highlight names, addresses, and other sensitive data, then manually associate them with individuals. This not only slowed down the review but also increased the risk of errors and inconsistencies.
Reviewer experience and turnover risk. The tedious nature of manual review work had a direct impact on employee satisfaction and retention at the interviewees’ organizations. Reviewers often faced repetitive tasks, long hours, and limited visibility into the impact of their work. The cyber practice leader at a legal service provider shared their own experience: “I started this as a reviewer eight years ago. I know what it feels like to be a reviewer in a terrible platform with a terrible tool and a terrible dataset.” The associate director of e-discovery at a professional services organization said, “The reviewers said they were here in the dark times before DBR, where they had to manually create these entities.” Interviewees noted that improving the reviewer experience was not just a matter of morale — it was also essential for maintaining quality and reducing error rates. Their organizations recognized that happier, more engaged reviewers were more likely to produce accurate and defensible results.
Solution Requirements
The interviewees’ organizations searched for a solution that could:
Reduce labor costs. The primary goal for the interviewees’ organizations was to substitute manual document review with automated processes, thereby lowering the cost of offshore and onshore reviewers.
Increase operational efficiency. The interviewees’ organizations expected the solution to help them process data faster, reducing the time required for review and enabling quicker turnaround on breach response projects.
Improve scalability. By automating PI/PHI detection and entity linking, interviewees expected the solution to allow their firms to handle larger volumes of data without proportionally increasing human resources.
Enhance review accuracy. The interviewees said their firms also wanted a solution that reduced false positives and improved the precision of PI/PHI identification, which in turn lowered the risk of errors in breach notifications.
Simplify workflows. The interviewees’ organizations sought to eliminate the need for data migration between platforms, reducing complexity and risk.
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the interviewees’ organizations, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite. The global legal service provider headquarters in the US and operates globally. There are 1,500 employees globally. Each year, the composite organization works on 60 cyber incident projects on average with 100 offshore in-house reviewers. On average, each cyber incident project contains 500 gigabytes (GB) of documents, and each gigabyte of documents contains 2,000 document files. The total volume of post-culling data ingested into DBR is 30 terabytes (TB).
Deployment characteristics. For cyber incident projects, the composite organization used homegrown tools based on the RelativityOne platform originally and at times, tested other data breach point solutions. Since Relativity DBR is a module in RelativityOne platform, there is no technical implementation needed. Year 1 of deployment is a trial run, and the composite organization works with the Relativity team consistently to provide feedback. The product continuously updates to meet demand. In Years 2 and 3, the composite organization fully adapts the solution into the workflow.
1,500 global employees
60 data breach incident projects per year with 30 TB post-culling breached data volume
100 offshore in-house reviewers with a fully burdened annual salary of $13,500
| Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|
| Total projected benefits (low) | $3,904,296 | $4,262,612 | $4,230,202 | $12,397,110 | $10,250,393 |
| Total projected benefits (mid) | $4,462,292 | $4,788,834 | $4,756,814 | $14,007,940 | $11,588,207 |
| Total projected benefits (high) | $4,632,238 | $5,122,396 | $5,285,376 | $15,040,010 | $12,415,491 |
Evidence and data. Before adopting Relativity DBR, interviewees described their organizations’ prior data ingestion and migration processes as largely manual, fragmented, and tool-dependent, with significant reliance on human effort and custom-built workflows. Interviewees noted a major advantage of DBR was its native integration with RelativityOne, which eliminated the need to move data between platforms — a process that previously introduced risk, complexity, and inefficiency.
RelativityOne platform was widely used by all interviewees for e-discovery. Before adopting Relativity DBR, the breached data needed to be moved from RelativityOne to other data breach response tools or homegrown tools. By using Relativity DBR, it not only reduced the time and cost associated with data migration but also enhanced data security by keeping sensitive breach data within a single, controlled environment.
Data migration between platforms not only consumed time for the interviewees’ organizations but also incurred costs related to infrastructure, bandwidth, and personnel. Relativity DBR’s in-platform processing helped mitigate these expenses. By keeping everything within Relativity, DBR avoided these reconciliation challenges and reduced the overhead associated with multiplatform workflows. The legal process engineer manager at a law firm said, “[Before DBR], there’s going to be different control number referenced in the other tool … you have to spend time cross-referencing the document that was in Relativity versus the document that was in the other tool.”
Interviewees noted their organizations often began breach response by using Relativity’s search capabilities to reduce data volumes before ingesting into DBR. DBR supports up to 300M personal information annotations and 150M entities, represented across 1 TB of native data per DBR workspace. Interviewees shared that this culling approach enabled them to test DBR on real-world, large-scale breach scenarios with confidence and flexibility. Before deploying Relativity DBR, the interviewees were unable to gain an overview of the breached data until the review process was finished. With Relativity DBR, their organizations had a dashboard function that provided an early-stage overview of the data as long as the data ingestion was completed. This capability allowed their teams to quickly assess the scope and nature of the breach data, enabling faster decision-making and more efficient resource allocation. The VP of data mining at a legal service provider mentioned that the early-stage data visibility was valuable to teams that didn’t have the in-house tech support or data analytics support: “This upfront visibility would allow us to make more informed decisions about whether to proceed with a full manual review, which can be costly, or to determine that the exposure is minimal and not worth the additional investment. In that sense, DBR could serve as a strategic tool — not just for executing a full review but also for guiding decision-making at the outset of a breach response.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization bids and wins 60 cyber incident projects per year. In the prior environment where DBR was not used, the composite organization spent 8 hours migrating the data from RelativityOne platform to the legacy data breach response tool per project on average.
The time reduction of data ingestion after deploying Relativity DBR varies based on the level of solution adoption and the configuration. For the low scenario, the composite organization uses Relativity DBR but with less configuration depending on its use cases. For the high scenario, the composite organization fully adopted Relativity DBR and configured (e.g., customize PI detectors) based on its use cases. The middle scenario sits somewhere in between. These three scenarios are used for all quantified benefits.
The project manager is responsible for data migration normally. The fully burdened hourly rate for project managers is $39. The productivity recapture rate is 50%.
Results. This yields a three-year projected PV ranging from $3,800 (low) to $11,400 (high).
Time reduction in data ingestion
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| A1 | Data breach incident projects | Composite | 60 | 60 | 60 | |
| A2 | Time needed to ingest data into legacy solution per project (hours) | Interviews | 8 | 8 | 8 | |
| A3Low | 10% | 20% | 20% | |||
| A3Mid | Percentage of time reduction to ingest data into DBR | Interviews | 20% | 40% | 40% | |
| A3High | 30% | 60% | 60% | |||
| A4Low | 48 | 96 | 96 | |||
| A4Mid | Time saved with DBR on data ingestion (hours) | A1*A2*A3 | 96 | 192 | 192 | |
| A4High | 144 | 288 | 288 | |||
| A5 | Fully burdened hourly rate for a project manager | Composite | $39 | $39 | $39 | |
| A6 | Productivity recapture rate | TEI methodology | 50% | 50% | 50% | |
| AtLow | $936 | $1,872 | $1,872 | |||
| AtMid | Accelerated data ingestion for PI detection | A4*A5*A6 | $1,872 | $3,744 | $3,744 | |
| AtHigh | $2,808 | $5,616 | $5,616 | |||
| Three-year projected total: $4,680 to $14,040 | Three-year projected present value: $3,804 to $11,413 | |||||
Evidence and data. Before deploying Relativity DBR, interviewees’ organizations faced several challenges in the quality control (QC) process during data breach response, particularly around error detection, manual data validation, and the timing of QC reviews. These issues often stemmed from the need to manually extract and normalize data, run multiple queries, and rely on late-stage sampling to catch errors — an approach that was both time-consuming and prone to oversight. Interviewees noted that Relativity DBR helped improve QC during PI/PHI detection, as highlighted by multiple interviewees. Relativity DBR enables accelerated quality control process by flagging the key area to investigate first, improving overall review accuracy, and reducing manual rework.
The associate director of e-discovery at a professional services organization described their pre-DBR QC workflow as heavily manual and reactive. They explained that prior to DBR, teams would “really just have to sample your data for various different entities” and hope to catch errors, such as missing social security numbers or mismatched names. This reactive approach meant that QC was often delayed until the end of the review cycle, increasing the risk of inaccuracies in the final deliverables. With DBR, however, the QC process became more proactive and efficient. This interviewee noted that the tool “enables you to run your QC elements earlier and more frequently,” which directly contributed to lower error rates. By surfacing potential issues earlier in the workflow, teams could address discrepancies — such as typos in names or incorrect email associations — before they propagated through the review process.
By streamlining the review process and minimizing manual effort, Relativity DBR reduced the QC rate along the process for the interviewees’ organizations. The same interviewee reported: “We’ve seen our QC turnover rate drop from around 5% to closer to 2% to 3% since implementing DBR. Reviewers are less frustrated because they’re catching errors earlier and spending less time on tedious corrections.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Each cyber incident project has 500 gigabytes of breached files, and each gigabyte of data has 2,000 document files on average. Cyber incidents now involve more complex data types so require more sophisticated tooling. The composite uses genAI functionality from Relativity DBR to identify and link PI/PHI with entities in unstructured data more efficiently, lowering the number of files per gigabyte ingested into DBR since the files are more complex than plain text files or emails used in other legal data intelligence area.
With the previous tool, the average QC rate was 5%. Project managers needed to perform QC on 5% of the reviewed documents to ensure accuracy.
With the implementation of Relativity DBR, there is a decrease in QC rate. For the high scenario, the decrease in QC rate is from 4% to 2% in three years due to the fully integration and configuration. For the low scenario, the QC rate drops to 4% in Year 3.
The project manager spends 2 minutes on each document during QC process.
Results. This yields a three-year projected PV ranging from $454,000 (low) to $1.9 million (high).
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| B1 | Documents per gigabyte data | Composite | 2,000 | 2,000 | 2,000 | |
| B2 | Average data volume per incident (GB) | Composite | 500 | 500 | 500 | |
| B3 | QC rate with legacy tool | Interviews | 5% | 5% | 5% | |
| B4Low | 5.0% | 4.5% | 4.0% | |||
| B4Mid | QC rate with Relativity DBR | Interviews | 4.0% | 3.5% | 3.0% | |
| B4High | 4.0% | 3.0% | 2.0% | |||
| B5Low | 0 | 5,000 | 10,000 | |||
| B5Mid | QC document reduction | B1*B2*(B3-B4) | 10,000 | 15,000 | 20,000 | |
| B5High | 10,000 | 20,000 | 30,000 | |||
| B6 | QC time per document (minutes) | Composite | 2 | 2 | 2 | |
| B7 | Fully burdened hourly rate for a project manager | Composite | $39 | $39 | $39 | |
| B8 | Productivity recapture rate | TEI methodology | 50% | 50% | 50% | |
| BtLow | $0 | $195,000 | $390,000 | |||
| BtMid | Accelerated QC on PI/PHI detection | B5*B6/60 min*B7*B8*A1 | $390,000 | $585,000 | $780,000 | |
| BtHigh | $390,000 | $780,000 | $1,170,000 | |||
| Three-year projected total: $585,000 to $2,340,000 | Three-year projected present value: $454,170 to $1,878,212 | |||||
Evidence and data. Before DBR, the interviewees’ organizations relied heavily on manual processes within Relativity or external tools to identify and link PI/PHI to individuals. Some interviewees’ organizations use custom-built coding to record PI/PHI and link it to entities. The process was labor-intensive and error-prone. Relativity DBR enabled reviewers at the interviewees’ organizations to link PI/PHI to individuals with minimal manual effort by providing automatic highlighting of PI/PHI and click-based entity linking. This reduced the time spent on manual review on both structured and unstructured document, which typically consumed the majority of project resources.
Based on the interviewees’ experience, the cost structure of a typical data breach incident project was primarily composed of labor costs. The VP of e-discovery at a professional services organization shared: “Prior to Relativity, the majority of costs would be document review labor. Relativity DBR helps reduce costs by automating data review and linking. This leads to measurable savings and positions DBR as a strategic tool for improving cost efficiency in breach response workflows.” Relativity DBR helped reduce labor costs for the interviewees’ organizations by automating data review and linking. Interviewees said this led to measurable savings and positioned DBR as a strategic tool for improving cost efficiency in breach response workflows. The head of e-discovery and litigation technology at a professional service organization commented: “Compared to our legacy product, performing the same task in DBR is significantly faster and less manual, what once took five times longer is now largely automated, making the process far more efficient and streamlined.”
With the legacy tools, the e-discovery consultant at a law firm described that manual research and typing was required for data review and entity linking. The method often produced large volumes of false positives, requiring extensive manual review to validate the results. The interviewee mentioned: “The real challenges come to be when you want to reduce the number of false positives from search terms for personal information. So you would typically use regular expressions to try to find personal information and keywords, and it would generate a lot of responses.” Relativity DBR enabled reviewers to link PI/PHI to individuals with minimal manual effort. The legal process engineer manager at a law firm shared: “The tool will highlight the PI automatically … ideally, you can just click and say, here’s me, and then click my social security number and it ties it together automatically just with a few clicks versus typing it in.” The interviewee estimated that typing manually may take 40 seconds to a minute, while Relativity DBR’s click-based linking is “pretty much instant.”
At the interviewees’ organizations, a high rate of false positives led to more manual work that could be avoided with Relativity DBR’s AI-driven detection, which distinguished between actual people and false hits. The associate director of e-discovery at a professional services organization provided an example: “I can see the GPT elements being a big help in PI-type identification and entity-level deduplication and removing false positives for entities. Like if I look at and it says Burger King with capital B, capital K, it sees that as a person. It’s like, ‘Well, clearly it’s not.’ So being able to readily identify or flag entities that are not likely to be people ... that’ll probably be one of the core pieces there on it.” This interviewee also provided a data point of the benefit: “I pulled the stats there for last week for a project we’re doing for a review team of five. In one week, that saved 680 hours’ worth of work.” This implied that DBR’s automation delivered over 4.5x the manual effort in value.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The average document volume per incident is 500 gigabytes and there are 2,000 document per gigabyte of data. With the GenAI capabilities of DBR and the increasing complexity of the impacted data, there are more and more unstructured files that need to be processed with DBR so the average document count is less than average industry standard here.
With the legacy solution, 60% of the document will be filtered and identified as documents contains PI/PHI. With increased accuracy and improvement of linking driven by GenAI, the rate drops to 50% in Year 3. It takes reviewers 1.5 minutes to review each document and record the PI/PHI and entity name on average with the previous solution.
By deploying Relativity DBR, the false positive rate drops. Fewer documents are filtered out with PI/PHI information with higher accuracy. For the high scenario, the percentage of documents containing PI/PHI filtered decreases from 50% in Year 1 to 30% in Year 3. For the low scenario, the rate decreases from 60% to 40%. The configuration and the file type impacts the rate.
Instead of typing information, reviewers adopt click-based recording, which increases efficiency. The review time spent per document decreases to 30 seconds in the Year 1 and 20 seconds in Years 2 and 3. For the offshore in-house reviewers, the fully burdened hourly rate is $6.49.
Results. This yields a three-year projected PV ranging $9.8 million (low) to $10.5 million (high).
GenAI In Data Breach Response
The emergence of generative AI and large language models represents a transformative enabler for PI/PHI review and entity linking. Interviewees noted that Relativity’s ongoing development of GPT-powered capabilities within DBR has shown promising results. According to interviewees, these models analyzed unstructured documents — including handwritten scans, complex PDFs, and image-based files — with greater accuracy and speed than traditional pattern-matching algorithms. GenAI also autolinked PI/PHI to entities, reducing the need for manual validation and enabling reviewers to focus on quality assurance rather than data extraction. For example, instead of manually identifying and linking a name, address, and SSN across multiple documents, reviewers could simply confirm the genAI-generated entity record. This shift from manual review to validation increased throughput, with some users reporting up to 30% faster document review rates and expectations of efficiency gains of 40% to 50% over the next few years.
The VP of data mining at a legal service provider shared: “For complicated documents, DBR’s quality and abilities are far superior to other tools that we've seen testing… like the large handwritten scans, that 10,000-page PDF. GPT can handle scanned photocopies of a driver's license with a signature on top and just tougher scenarios that other tools haven't been able to handle. GPT is doing that and the quality is higher.”
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| C1 | Documents per gigabyte incident data | Composite | 2,000 | 2,000 | 2,000 | |
| C2 | Average document volume per incident in gigabytes | Composite | 500 | 500 | 500 | |
| C3 | Percentage of documents that contain PI filtered by legacy solution | Interviews | 60% | 55% | 50% | |
| C4 | Time spent by reviewers on data analysis per document with legacy solution (minutes) | Interviews | 1.5 | 1.5 | 1.5 | |
| C5 | Time spent on data analysis with legacy tool (hours) | C1*C2*C3*C4/60min | 15,000 | 13,750 | 12,500 | |
| C6Low | 60% | 50% | 40% | |||
| C6Mid | Percentage of documents that contain PI filtered by Relativity DBR | Interviews | 55% | 45% | 35% | |
| C6High | 50% | 40% | 30% | |||
| C7 | Time spent by reviewers per document with Relativity DBR (minutes) | Interviews | 0.50 | 0.40 | 0.40 | |
| C8Low | 5,000 | 3,333 | 2,667 | |||
| C8Mid | Total time spent on data analysis with Relativity DBR (hours) | C1*C2*C6*C7/60min | 4,583 | 3,000 | 2,333 | |
| C8High | 4,167 | 2,667 | 2,000 | |||
| C9 | Fully burdened hourly rate for a reviewer | Composite | $6.49 | $6.49 | $6.49 | |
| CtLow | $3,894,000 | $4,056,380 | $3,828,970 | |||
| CtMid | Accelerated data review and linking | (C5-C8)*C9*A1 | $4,056,380 | $4,186,050 | $3,959,030 | |
| CtHigh | $4,218,370 | $4,315,720 | $4,088,700 | |||
| Three-year projected total: $11,779,350 to $12,622,790 | Three-year projected present value: $9,769,142 to $10,473,493 | |||||
Evidence and data. Before adopting Relativity DBR, the interviewees’ organizations relied heavily on manual processes and custom-built tools to handle deduplication and entity report generation during data breach response. Interviewees’ organizations used SQL scripts, Python, or external analytics tools to normalize and deduplicate entity lists, requiring specialized skills. Data was often processed in one platform and exported to another for reporting, increasing the risk of metadata loss and versioning errors. Deduplication and report generation could take days or weeks, especially for large datasets with millions of entities.
Relativity DBR automated the process of identifying and merging duplicate entities, which previously required manual review and scripting. This helped reduce errors and save time. The e-discovery consultant at a law firm shared: “The tool allows us to deduplicate individuals, and it will try to allow you to associate. That is something that can probably take a data analyst like a day or so to pull together.”
On the entity report generation side, DBR enabled users at the interviewees’ organizations to generate entity reports directly within Relativity, reducing the need for external tools and manual reconciliation. This improved data integrity and sped up delivery. The associate director of e-discovery at a professional services organization noted, “Everything sits in one place rather than trying to work with half a dozen different tools and nothing ever matches, and it becomes a nightmare when you try to report at the end.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization spends 40 hours before on deduplication and entity report generation with legacy solutions on average per project.
After the deployment of Relativity DBR, the time for deduplication and entity report generation decreased by 20% for the low scenario and 45% for the high scenario.
The project managers are normally responsible for the deduplication and report generation. The fully burdened hourly rate for a project manager is $39 and the productivity recapture rate is 50%.
Results. This yields a three-year projected PV ranging from $23,300 (low) to $52,400 (high).
Time reduction in entity report generation
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| D1 | Incident projects per year | Composite | 60 | 60 | 60 | |
| D2 | Time needed for entity report generation and deduplication with legacy solutions (hours) | Interviews | 40 | 40 | 40 | |
| D3Low | 20% | 20% | 20% | |||
| D3Mid | Percentage of time reduction with Relativity DBR | Interviews | 30% | 30% | 30% | |
| D3High | 45% | 45% | 45% | |||
| D4Low | 480 | 480 | 480 | |||
| D4Mid | Total time saved with Relativity DBR (hours) | D1*D2*D3 | 720 | 720 | 720 | |
| D4High | 1,080 | 1,080 | 1,080 | |||
| D5 | Fully burdened hourly rate for a project manager | Composite | $39 | $39 | $39 | |
| D6 | Productivity recapture rate | TEI methodology | 50% | 50% | 50% | |
| DtLow | $9,360 | $9,360 | $9,360 | |||
| DtMid | Accelerated report generation | D4*D5*D6 | $14,040 | $14,040 | $14,040 | |
| DtHigh | $21,060 | $21,060 | $21,060 | |||
| Three-year projected total: $28,080 to $63,180 | Three-year projected present value: $23,277 to $52,373 | |||||
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
Improved employee experience and morale. Interviewees said the reviewers on their teams were doing repetitive and tedious work, which could easily lead to low morale and high turnover rate. DBR reduced tasks for reviewers, improving job satisfaction and reducing burnout at the interviewees’ organizations. The cyber practice leader at a legal service provider shared, “Reviewers are not wasting their time as much [and are] making their time more efficient. [They’re] not doing repetitive boring tasks that makes [them] want to throw [their] computer.” With increased accuracy, reviewers also got positive feedback about their results. The same interviewee commented: “The tools are pointing them in the right direction. The fewer clicks, less typing, the fewer errors you should make.”
Strategic flexibility and workflow control. The workflow of data breach incident projects was different in each interviewee’s organization. Relativity DBR enabled the interviewees’ organizations to tailor workflows based on project needs, allowing consultative decision-making rather than rigid processes. This benefit was important in a field where every incident was unique, and rigid, cookie-cutter workflows could hinder efficiency, accuracy, and client satisfaction. The cyber practice leader at a legal service organization said: “The main reason why I say yes [to Relativity DBR] is that their set rules can be changed. … With Relativity, there’s a lot of flexibility in building your own custom rules outside of their generic rules.” What’s more, interviewees said that because DBR is embedded within RelativityOne, users could avoid data migration, maintain consistent metadata, and control the entire workflow within a single environment.
Enhanced collaboration and product influence. As early adopters, all the interviewees had constant communication with Relativity DBR development team. The interviewees influenced DBR’s roadmap, shaping features to meet their real needs. The interviewees thought that they were the real partner of the Relativity DBR team. Relativity actively incorporated user suggestions into product updates. The e-discovery consultant at a law firm shared: “We’ve provided a lot of feedback and our suggestions are being taken on board. … A lot of those have now been implemented.”
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement DBR and later realize additional uses and business opportunities, including:
Scalability. According to interviewees, Relativity DBR could handle large volumes of data and complex breach scenarios without performance degradation or excessive manual effort. The interviewees’ organizations were tested on projects with hundreds of gigabytes of data and DBR demonstrated the improvement in performance and stability over time. The associate director of e-discovery at a professional services organization mentioned, “Whenever we get a large kind of data breach case, by large, I’d be looking at anywhere from 600 to 700 gigabytes plus [post-culling], Relativity [DBR]would help us … on one workplace.”
Global deployment and jurisdictional flexibility. DBR’s cloud-based architecture supported deployment for the interviewees’ organizations across geographies, enabling consistent workflows and data security. The head of e-discovery and litigation technology at a professional services organization shared, “We currently operate several RelativityOne instances across our global network, and DBR is fully deployed and accessible in each of these environments, ensuring consistent functionality and availability worldwide.” Also, interviewees noted that data breach incidents often involved navigating complex jurisdictional regulations and DBR supported customizable rule sets for different regions, allowing users to tailor detection parameters to local legal requirements. The cyber practice leader at a legal service provider shared, “They have set rules for each jurisdiction … but if you’re getting false hits or you’re missing something … you can actually go into the tool and fix it yourself.” This flexibility allowed this interviewee’s organization to expand into different market and reduce the compliance risks.
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Total Economic Impact Approach).
| Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|---|
| Etr | Relativity DBR consumption | $0 | $2,047,500 | $2,047,500 | $2,047,500 | $6,142,500 | $5,091,829 |
| Ftr | Training costs | $9,143 | $1,857 | $1,857 | $1,857 | $14,714 | $13,761 |
| Gtr | Ongoing management | $1,794 | $4,485 | $2,243 | $1,121 | $9,643 | $8,567 |
| Total costs (risk-adjusted) | $10,937 | $2,053,842 | $2,051,599 | $2,050,478 | $6,166,856 | $5,114,157 |
Evidence and data. To use the legacy solutions, interviewees’ organizations often paid licensing fees or had upfront development costs. Relativity DBR charges per gigabyte processed into the application with a flexible consumption based model.
All the interviewees expressed their preference regarding the DBR consumption cost model. The head of e-discovery and litigation technology at a professional service organization shared: “DBR is available on-demand: if you choose to use it, you can; if not, there’s no cost.”
Some interviewees also mentioned that DBR was cheaper than their legacy tools, especially when considering hosting and integration. The senior project manager at a professional services organization commented: “For us, [there is] certainly an absolutely huge [price advantage]. … The previous tool we used was more expensive than DBR.”
In this insurance-driven data breach response market, vendors must bid competitively. Interviewees said Relativity DBR helped reduce costs, enabling lower bids and better profit margins.
What’s more, the interviewees reported that the technical implementation of DBR was straightforward, especially for those whose organizations were already using RelativityOne. The cyber practice leader at a legal service organization shared: “Implementation-wise, installing it on the workspace [was] very simple. Literally it’s a click of a button.”
Pricing is usage based and may vary. Contact Relativity for additional details.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The consumption cost is based on the data volume ingested into DBR. With 60 projects per year, the composite organization ingests 30 TB of post-culling breached data into DBR.
The cost here does not include RelativityOne platform hosting fee.
Risks. The expected financial impact is subject to risks and variation based on several factors that may increase this cost, including:
Relativity’s pricing strategy.
The data volume ingested into Relativity DBR.
Results. To account for these risks of typical variability in enterprise implementations, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $5.1 million.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| E1 | Relativity DBR consumption | Composite | $1,950,000 | $1,950,000 | $1,950,000 | |
| Et | Relativity DBR consumption | E1 | $0 | $1,950,000 | $1,950,000 | $1,950,000 |
| Risk adjustment | ↑5% | |||||
| Etr | Relativity DBR consumption (risk-adjusted) | $0 | $2,047,500 | $2,047,500 | $2,047,500 | |
| Three-year total: $6,142,500 | Three-year present value: $5,091,829 | |||||
Evidence and data. Interviewees consistently noted that reviewers who were already familiar with RelativityOne platform required very little training to begin using DBR. The interface and workflows were similar enough that the learning curve was minimal.
The VP of e-discovery at a professional services organization shared: “Our reviewers and operations people do not need a lot of training to get up to speed because the look and feel of the product is the same as the rest of Relativity’s software suite.”
While reviewers may need little training, interviewees said project managers and admins often faced a steeper learning curve due to DBR’s evolving features and documentation. Interviewees mentioned that project managers would take longer time to familiarize them with the solution, since it was very critical to make sure the configuration was appropriate.
Several interviewees emphasized the importance of formal training and certification programs to promote consistent understanding and build confidence across teams. Many expressed a strong interest in obtaining the official DBR certification, recognizing its value in validating expertise and facilitating smoother adoption. Interviewees whose organizations had extensive experience in Relativity found DBR easier to implement due to their familiarity with the platform’s structure and workflows.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization has 100 reviewers. Each reviewer needs to have a training session of 8 hours at the initial deployment phase and another 2-hour training session each year for updated features.
There are five project managers in the composite organization. The project managers need to have a training session of 16 hours at the initial deployment phase and another 2-hour training session each year for updated features.
Risks. The expected financial impact is subject to risks and variation based on several factors that may increase this cost, including:
The number of reviewers and the project managers on the team.
The turnover rate.
The familiarity of RelativityOne for the reviewers at the organization.
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $13,800.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| F1 | Training hours for reviewers | Interviews | 8 | 2 | 2 | 2 |
| F2 | Reviewers | Composite | 100 | 100 | 100 | 100 |
| F3 | Training hours for project managers | Interviews | 16 | 2 | 2 | 2 |
| F4 | Project managers | Composite | 5 | 5 | 5 | 5 |
| Ft | Training costs | F1*C9*F2+F3*A5*F4 | $8,312 | $1,688 | $1,688 | $1,688 |
| Risk adjustment | ↑10% | |||||
| Ftr | Training costs (risk-adjusted) | $9,143 | $1,857 | $1,857 | $1,857 | |
| Three-year total: $14,714 | Three-year present value: $13,761 | |||||
Evidence and data. Interviewees consistently described Relativity as engaged, responsive, and collaborative, especially in the context of DBR’s development. In the early adoption phase, the ongoing communication helped shape improvements and build trust. The frequency ranged from daily to weekly, and the duration extended over months, particularly for those deeply involved in testing and feedback.
The associate director of e-discovery at a professional services organization shared, “It was almost daily and then it got scaled back after about two to three weeks down to twice a week.”
Interviewees emphasized that Relativity was responsive to feedback, even if the product was still evolving. The legal process engineer manager at a law firm shared: “I’ve been in touch with the Relativity team over the years. … I know they were making the product work better.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The project managers are leading the ongoing communication with Relativity team.
At the beginning of the deployment, there is intense communication of 40 hours to make sure the transition goes smoothly. In Year 1, consistent communication ensures adoption in the composite organization, so the project managers spend 100 hours communicating with Relativity team.
In Years 2 and 3, the number of hours decrease to 50 hours and 25 hours.
Risks. The expected financial impact is subject to risks and variation based on several factors that may increase this cost, including:
The adoption strategy of Relativity DBR.
The consistent usage of DBR across different cyber incident projects.
Results. To account for these risks, Forrester adjusted this cost upward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $8,600.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| G1 | Hours to communicate with Relativity team | Interviews | 40 | 100 | 50 | 25 |
| G2 | Fully burdened hourly rate for a project manager | Composite | 39 | 39 | 39 | 39 |
| Gt | Ongoing management | G1*G2 | $1,560 | $3,900 | $1,950 | $975 |
| Risk adjustment | ↑15% | |||||
| Gtr | Ongoing management (risk-adjusted) | $1,794 | $4,485 | $2,243 | $1,121 | |
| Three-year total: $9,643 | Three-year present value: $8,567 | |||||
| Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
|---|---|---|---|---|---|---|
| Total costs | ($10,937) | ($2,053,842) | ($2,051,599) | ($2,050,478) | ($6,166,856) | ($5,114,157) |
| Total benefits (low) | $0 | $3,904,296 | $4,262,612 | $4,230,202 | $12,397,110 | $10,250,393 |
| Total benefits (mid) | $0 | $4,462,292 | $4,788,834 | $4,756,814 | $14,007,940 | $11,588,207 |
| Total benefits (high) | $0 | $4,632,238 | $5,122,396 | $5,285,376 | $15,040,010 | $12,415,491 |
| Net benefits (low) | ($10,937) | $1,850,454 | $2,211,013 | $2,179,724 | $6,230,254 | $5,136,236 |
| Net benefits (mid) | ($10,937) | $2,408,450 | $2,737,235 | $2,706,336 | $7,841,084 | $6,474,050 |
| Net benefits (high) | ($10,937) | $2,578,396 | $3,070,797 | $3,234,898 | $8,873,154 | $7,301,334 |
| PROI (low) | 100% | |||||
| PROI (mid) | 127% | |||||
| PROI (high) | 143% |
The financial results calculated in the Benefits and Costs sections can be used to determine the PROI and projected NPV for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted PROI and projected NPV values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
From the information provided in the interviews, Forrester constructed a New Technology: Projected Total Economic Impact™ (New Tech TEI) framework for those organizations considering an investment in DBR.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the projected impact that DBR can have on an organization.
Interviewed Relativity stakeholders and Forrester analysts to gather data relative to DBR.
Interviewed nine decision-makers at eight organizations using DBR with a range of experience from adopters to testers to obtain data about projected costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ organizations.
Constructed a projected financial model representative of the interviews using the New Tech TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Employed four fundamental elements of New Tech TEI in modeling the investment’s potential impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Projected benefits represent the projected value the solution delivers to the business. The New Tech TEI methodology places equal weight on the measure of projected benefits and projected costs, allowing for a full examination of the solution’s effect on the entire organization.
Projected costs comprise all expenses necessary to deliver the proposed value, or benefits, of the solution. The methodology captures implementation and ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. The ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
The projected present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
New Technology: Projected Total Economic Impact (New Tech TEI) is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The New Tech TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
1 Source: 2025 Breach Benchmarks, By Region, Forrester Research, Inc., August 15, 2025.
2 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
Readers should be aware of the following:
This study is commissioned by Relativity and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in DBR.
Relativity reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Relativity provided the customer names for the interviews but did not participate in the interviews.
Chengcheng Dong
September 2025
ABOUT FORRESTER CONSULTING
Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.
© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.
https://mainstayadvisor.com/go/mainstay/gdpr/policy.html
PDF