The Cost of Phishing For Businesses
- by Justice Levine
Since the first phishing email around 1995, cybercriminals have used typical and spear phishing emails as a gateway to gaining access to sensitive information. Unfortunately, there are no signs of phishing attacks slowing down, as it is a lucrative business that profits from activities like direct ransomware attacks. Everyone knows there’s a financial cost associated with phishing attacks (that often lead to ransomware), but there’s so much more at stake than just paying the ransom.
The increase in phishing attempts takes a toll on organizations and their teams tasked with defending users against such breaches. Successful phishing has led threat actors to offer Phishing-as-a-Service scams that bypass most spam filters for $1,500. Let’s discuss the financial costs an attack can have on a business, as well as the three business costs of phishing protection and how you can ensure the safety of your business.
What Is The Cost of Phishing Protection for Businesses?
The increase in phishing attempts takes an expensive toll on organizations and the teams tasked with defending users. These impacts come in the form of:
The Time Cost of Phishing Defense
Dealing with phishing emails is time-consuming, energy-depleting, and distracting for team members who could be focusing on other projects. The market intelligence company Osterman recently determined that IT and security teams, on average, spend 27.5 minutes handling a single phishing email, and 70% of organizations spend 16-60 minutes from discovery to removal of one email threat. One-third of working hours each week are spent handling phishing-related activities, and 67% of employees expect the time spent mitigating phishing risks each week to stay the same or increase, which makes letting these email threats continue unchecked even more costly.
The Financial Cost of Phishing Defense
Threat actors invest money into phishing campaigns to increase the volume of messages and the odds of a successful scheme. This means that dealing with phishing messages becomes financially expensive for organizations. Discovering and mitigating a single phishing email costs $31.32, which increases exponentially as the volume of phishing messages increases.
Nearly one-third of your staff’s time each week is spent handling phishing email threats, which equates to $45,726 in salary and benefits paid per IT and security professional. An IT and security team of 10 spends around $457,260 per year on labor to handle phishing of all types.
The Cost of Doing Nothing
The average cost of a data breach where phishing is the initial attack vector is $4.91 million, and the average cost of a ransomware attack - excluding the ransom price - is $4.54 million. This doesn’t include the loss of customer trust, reputation, market value, and regulatory fines. Most corporate employees are trained to recognize potentially malicious emails, which has caused cybercriminals to pivot to more problematic and evasive tactics to ensure success.
How Are Attacks Delivered?
Phishing is a prevalent email threat that continues to grow more widespread every year. Cybersecurity threat trends suggest that at least one person clicked a phishing link in around 86% of organizations, with phishing accounting for about 90% of data and email security breaches. As the attacks become more complex and damaging, organizations will spend more time and money mitigating them. Hackers use adaptive techniques or polymorphic attacks that slightly alter each phishing message, effectively decreasing the likelihood the message will be flagged as a phishing scam.
How Can I Avoid Phishing Emails?
Knowing the tips and best practices for email security awareness is essential for recognizing and avoiding phishing emails, which in turn is critical to protecting sensitive information and preventing future phishing email attacks. With proper preparation, you can drastically lower the cost and impact of an attack. Implementing even stronger practices can reduce an organization’s exposure to email threats and minimize potential damage. Many businesses rely on endpoint threat protection security to safeguard users and critical business assets, even though this approach is ineffective in combating sophisticated and evolving threats.
A capable email security software solution requires additional layers of proactive phishing protection accompanied by expert, ongoing system monitoring, maintenance, and support. This system must anticipate and learn from emerging attacks, and it offers real-time cybersecurity business insights to improve decision-making and policy enforcement.
Email Scam Costs Construction Company $800K
In the summer of 2022, authorities seized more than $800,000 from a bank account in Houston. It was controlled by people accused of using online scams to defraud a construction management company, according to U.S. Attorney Alamdar Hamdani.
The U.S. Attorney's Office filed a civil complaint in late January alleging that one or more unidentified perpetrators used phishing email attacks or malware to access the construction company’s email servers and accounts. This was all in an effort to collect payments the company owed to an engineering business they had been working with on a railway expansion project in California.
The hackers identified the construction company employees responsible for financial dealings and sent them emails from a fake address posing as an engineering company employee. Soon after, according to officials, the construction management company was tricked into sending money to the Houston bank account controlled by the conspirators.
According to the complaint, the bank account was posing as "H&H Engineering Construction Inc.," the name of a California-based rail maintenance and construction contractor. The attackers used a Business Email Compromise scheme to compromise and copy legitimate business email accounts and use them to claim wire payments from legitimate transactions. According to the FBI, from October 2013 to July 2019, there were over 69,000 such schemes in the U.S., accounting for more than $10 billion in losses.
Keep Learning About Phishing Prevention
The number of phishing email attacks continues to increase and plague businesses of all sizes, making it imperative that your organization is prepared for any type of threat. Implementing comprehensive email security software can help ensure advanced threat protection against targeted spear phishing emails, malware, and ransomware.
- Learn more about protecting your business from ransomware.
- Improve your email security posture to protect against attacks and breaches by following our email security tips.
- Keeping the integrity of your email safe requires securing your email cloud with spam filtering and enterprise-grade anti-spam services.
- Avoid phishing attacks and ransomware with tips from our Behind the Shield newsletter.