the cost to secure
In the US it's customary, although ludicrous, to consider the cost of having a security audit and locking down the system after the break-in damages.
So if you secure it up front, it's a cost of operation. If you fail to secure it up front and pay the rat bastards who allowed the attacker in more money to fix what wasn't secure before, that's damages. If you pay a third-party consultant to come in and secure it, you can drive up the "damages" even more.
See, I said it was ludicrous. I'm a Yank and I have always thought it was stupid. I can only imagine how stupid the idea sounds across the pond, where the laws on computer crimes probably make much more sense.
I can see damages being assessed if he crashed systems, deleted data, corrupted data, or stole credit card numbers/identity information and used or sold them. But in the real world, no one gets assessed damages for walking across the corner of a lawn unless they kill grass or flowers. This type of trespassing is not very much different. If a gate was unlocked, it's not causing damage to open it and walk through, is it?