Proofpoint and Ponemon Institute reveal skyrocketing phishing costs

Proofpoint and Ponemon Institute have found that average phishing costs have sored to US14.8bn annually, quadrupling since 2015.
Proofpoint and Ponemon Institute have found that average phishing costs have sored to US14.8bn annually, quadrupling since 2015.

Proofpoint and leading cybersecurity and top IT security research organization, Ponemon Institute, released a new study examining the Cost of Phishing. The report has revealed that the cost associated with phishing attacks has almost quadrupled in the last six years. As a result, large companies in the US are losing an average of US$14.8mn annually, or $1,500 per employee. This is a drastic $3.8mn increase from 2015’s figure.

The cost of phishing

Proofpoint and Ponemon Institute surveyed 600 IT and IT security practitioners in the latest study. According to those surveyed, the most expensive cybersecurity attacks are ransomware attacks and BEC. This cost is not limited to the funds demanded by the attackers, but also to the loss of productivity, and the cost of responding to attacks.

According to Proofpoint, credential compromise precedes BEC attacks and ransomware, as attackers trick or “phish” employees into sharing their login information. The Anti-Phishing Working Group (APWG) describes phishing as a crime that uses social engineering and technical subterfuge to obtain personal and financial data. However, the most concerning aspect of these threats is their growth rate, with the number of phishing attacks doubling in 2020 alone.

“When people learn that an organization paid millions to resolve a ransomware issue, they assume that fixing it cost the company just the ransom. What we found is that ransoms alone account for less than 20% of the cost of a ransomware attack,” said Larry Ponemon, Chairman and Founder of Ponemon Institute. 

“Because phishing attacks increase the likelihood of a data breach and business disruption, most of the costs incurred by companies come from lost productivity and remediation of the issue rather than the actual ransom paid to the attackers.”

Additional key findings
  • One of the most costly outcomes of a phishing attack is the loss of productivity. According to Proofpoint, an average US company of 9,567 people will lose as much as 63,343 wasted hours each year. This equates to seven hours lost per employee per year on phishing scams, a four-hour increase from 2015.
  • The compromise of a business email costs nearly $6mn a year for a large company. $1.17mn of that figure comprises payments made to BEC attackers. 
  • Ransomware costs a large organization on average US$5.66mn. $790,000 accounts for the paid ransoms themselves. 
  • Security Awareness Training reduces phishing expenses by over 50%. 
  • The cost of resolving a malware infection has more than doubled since 2015. In 2021, the total cost to resolve a malware attack is $807,506, a sharp increase from $338,098 in 2015.
  • In addition to the cost of resolving an infection, the credential compromise costs have also increased dramatically in the last five years. Organizations are dedicating more money to respond to these attacks, and as a result, the average cost to contain phishing-based credential compromises has increased from $381,920 in 2015 to $692,531 in 2021.
  • According to Proofpoint, business leaders need to pay attention to probable maximum loss scenarios. For example, BEC attacks could incur losses from business disruptions up to $157mn is organizations are not prepared. 

“Because threat actors now target employees instead of networks, credential compromise has exploded in recent years, leaving the door wide-open for much more devastating attacks like BEC and ransomware,” said Ryan Kalember, executive vice president of cybersecurity strategy, Proofpoint. “Until organizations deploy a people-centric approach to cybersecurity that includes security awareness training and integrated threat protection to stop and remediate threats, phishing attacks will continue.”

READ MORE:

About Proofpoint

Proofpoint is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies worldwide stop targeted threats, safeguard their data, and make their users more resilient against cyberattacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...