One of the biggest challenges for Information Security Managers is demonstrating the value, particularly in "return on investment" terms, of implementing comprehensive security costs. Cost is often used as a reason for not implementing security controls, with an outcome that can skew an organisation's approach to risk acceptance. This presentation will use a case study to demonstrate how the costs of investigating and recovering from a security incident together with the reduced chances of successful identification of the incident source can far outweigh the cost of implementing and maintaining effective security controls. The case study will be based on a combination of different incidents where Bridge Point were the lead forensic investigators.