Phishing Costs Reach New High of $14.8M: ReportPhishing Costs Reach New High of $14.8M: Report
Research finds phishing costs have quadrupled in recent years, costing companies millions of dollars and thousands of hours in wasted time.
August 17, 2021
The cost of phishing attacks has quadrupled over the past six years, causing large US companies to lose an average of $14.8 million each year, according to a new report from Proofpoint and the Ponemon Institute.
Researchers surveyed nearly 600 IT and IT security practitioners to calculate the new average cost, an increase from $3.8 million in 2015. Ransomware and business email compromise (BEC) were the most costly phishing-related attacks, they report, with BEC costing large organizations nearly $6 million annually. Of that, $1.17 million goes toward illicit payments made to BEC attackers. Ransomware costs large organizations $5.66 million each year; of that, $790,000 accounts for ransoms paid to attackers.
"When people learn that an organization paid millions to resolve a ransomware issue, they assume that fixing it cost the company just the ransom. What we found is that ransoms alone account for less than 20 percent of the cost of a ransomware attack," said Larry Ponemon, chairman and founder of Ponemon Institute, in a statement.
"Because phishing attacks increase the likelihood of a data breach and business disruption, most of the costs incurred by companies come from lost productivity and remediation of the issue rather than the actual ransom paid to the attackers," he said.
Researchers also found loss of productivity is one of phishing's costliest outcomes. In an average-sized U.S. corporation of 9,567 people, the study found there are 63,343 wasted hours every year due to phishing scams.
The full study can be found here.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023