



Reading between the lines: the real impact of insider threat

Nov 29, 2017 | 5 mins
Data and Information Security | Data Breach | Risk Management

Insider threats can have a profound impact on an organization. Beyond the lost value of the asset that was removed, disclosed or destroyed, organizations can suffer immediate losses of intrinsic value as well as lost revenue.


Previously, I examined the legal incentives for monitoring employees and building insider threat programs. In further support of robust insider risk management, we now turn to the types of impact that insider threats can have on organizations (the costs of specific insider threat events will be examined in a subsequent post). Impacts are the adverse effects an organization experiences as a result of a security event. They generally fall into five categories: value, operations, reputation, culture, and liability.

Value

Value refers to the monetary qualities of the business. There are three categories of value: market value, intrinsic value, and revenue.

Market value

Insider threat events can have a direct impact on the market value of a business. For example, when the arrest of former Booz Allen contractor Harold Martin was announced, Booz Allen’s share price immediately fell by 5%. Another example involved an auditor for a large company who embezzled $5 million. Upon public disclosure of his arrest, the stock plunged 10%.

Intrinsic value

Insider threat events can also have a direct impact on the intrinsic value of a business, since intellectual property can account for 50 to 80% of a business's value. Theft of new product designs and strategies can have catastrophic consequences.

Revenue

Insider events can also directly impact revenue. The intellectual property theft at American Superconductor immediately resulted in the loss of $800 million in revenue. According to Cisco, nearly one-third of businesses that suffered a breach lost more than 20% of their revenue. That's real money!

Operations

Operations refers to the ability of a business to execute its mission. There are three general categories of operational impact: operational disruption, increased overhead, and remediation costs.

Operational disruption

Operational disruption is difficult to quantify but includes unplanned expenses, increased staffing, inability to deliver goods and services, and excessive or new R&D costs. A detailed study by Deloitte estimated that for a large company that suffered intellectual property theft, the five-year operational disruption cost would be a whopping $1.2 billion!

Increased overhead

Increased overhead due to necessary cyber security improvements, staff retraining, and the like also impacts business operations and can exceed $13 million for a large corporation.

Remediation costs

According to the Ponemon Institute, the average remediation cost was $4.3 million in 2016, but decreased to $3.6 million in 2017. However, according to Deloitte, remediation costs can be much higher and exceed $10 million. This is, of course, largely fact-specific, depending on the size of the organization, the degree to which the organization was harmed, and the mitigation actions required.

Reputation

Reputation impact can be assessed by examining three areas: public relations expenditures, customer relationships, and the devaluation of trade names. Reputation, although difficult to quantify, is often the second most affected aspect of the business following a compromise, second only to value. According to Cisco, half of organizations that were breached expended significant resources to actively manage their reputation, and 42% of them lost nearly 20% of their existing customer base. Moreover, a detailed study by Deloitte found that new customer acquisition decreased by as much as 50%. The study also revealed that large companies spent an average of $1,000,000 over a 12-month period to restore their reputation. The same study revealed that a large company could experience an impact of $250 million over a five-year period from the devaluation of its trade name alone.

Culture

Culture is often ignored when impacts are discussed; however, culture is the lifeblood of any organization. Culture holds the shared values, norms, beliefs and assumptions that ultimately drive employees' actions. According to the Society for Human Resource Management, typical businesses experience 24% turnover each year, and most employees stay only 4.5 years in a position; millennials stay even less, at two years on average. This creates financial and logistical problems, but also data protection problems. According to research, most employees intentionally take confidential data with them when they leave, and most will seek to use it to the detriment of the organization. Add a significant corporate impact such as a data breach to this equation and the impact on culture is dramatically magnified. This can result in additional turnover, increased distrust, and an erosion of morale, all of which can exacerbate the effects of a breach. In short, culture shapes everyday behavior, and a bad culture will lead to bad behavior.

Liability

Liability refers to the external costs that are levied on an organization. Liability costs include compliance fines, breach notification costs, increased insurance costs, and litigation costs, including attorney fees. These costs can be large, ranging from $20 per breached customer record, to $3 million in litigation costs, to a 200% increase in insurance costs, and fines that can exceed $1 million. Moreover, litigation settlements for large breaches can exceed tens of millions of dollars.

Key takeaways

Insider threats can have a profound impact on an organization. Beyond the lost value of the asset that was removed, disclosed or destroyed, organizations can suffer immediate losses of intrinsic value as well as lost revenue. The ability to deliver goods and services may also be adversely impacted, as may reputations, both corporate and individual (see the Target firings). Lastly, an insider event may impact the culture of an organization, which can lead to increased turnover and distrust, further exacerbating the effects of the breach and increasing security vulnerabilities.


Shawn M. Thompson is the founder and director of the Insider Threat Training Academy and founder and president of the Insider Threat Management Group, LLC, which provides strategic cyber security and insider risk management advisory services and training to the private sector. He has over 15 years of experience investigating, prosecuting, and managing insider threats and cyber intrusions and is widely sought after for his unique expertise.

Mr. Thompson is a former federal prosecutor and senior government official who held executive positions with several agencies including the DOJ, FBI, DoD and DNI. As a seasoned risk management professional, author, experienced prosecutor, credentialed Special Agent, and trained analyst, his cyber security acumen is second to none. He is a pioneer in the field of cyber security and insider risk management, serving as a frequent guest speaker and thought leader on a variety of security topics.

Mr. Thompson serves as a trusted advisor for the highest levels of government as well as private sector C-suite and Board of Directors alike. He is a member of the Maryland Bar.

The opinions expressed in this blog are those of Shawn M. Thompson and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.