While the incidence of insider threats is on the rise, the consequences of a successful attack are also getting worse for organizations. A breach can cause financial damage, lead to costly interruptions to business operations and affect reputation for years to come.

In a 2016 study, IBM and the Ponemon Institute calculated that on a global average, the cost of a data breach totals USD 4 million. This figure shows that the effects of a data breach ripple far beyond the monetary value of the stolen information - itself omitted in that estimate.1

Components of the $4 milion cost per data breach

$4 Million Pie Chart
$4 Million single

Lost business cost $1.63 million

  • Abnormal turnover of customers, increased customer acquisition cost, reputation losses diminished goodwill

Detection and escalation $1.09 million

  • Forensics, root cause determination, organizing incident response team, identifying victims

Notification $0.18 million

  • Disclosure of data breach to victims and regulators

Ex-post response $1.10 million

  • Help desk, inbound communications special investigations. remediation, legal expenditures, product discounts, identity protection service, regulatory interventions

Such a loss can cause irreparable damage to an organization’s brand and shakes the trust of its customers. An estimated USD 1.63 million, or about 41% of the total cost of a data breach, is due to lost business. Customers lose trust in the brand, are harder to convince to return or remain with the organization and have more turnover, increasing customer acquisition costs. The other 59% of the cost of a data breach is spent on responding to the breach: notification to victims and regulators, detection and escalation, and ex-post response.

Knowing that such a costly attack is more likely than not to involve an insider, it becomes crucially important to protect crown jewel data from those who would abuse it. But in today’s information-driven economy, many different types of data fall into that category, and many different types of users gain access to it.

1 IBM Cost of Data Breach Study http://www.ibm.com/security/data-breach/index.html