Research shows that the cost of phishing attacks has nearly quadrupled in the past six years, with large US companies now losing an average of $14.8 million annually, or $1,500 per employee.
That's a significant increase from the $3.8 million in 2015, according to a new study by the Ponemon Institute, which shows that phishing has led to some of the most costly cyber attacks.
One of the most expensive types of threat is business email compromise (BEC). The cost of BEC skyrocketed in 2020, with more than $1.8 billion stolen from organizations.
Cyber scammers have launched more sophisticated attacks in which they pretend to be a person in the organization, a partner, or a provider in order to commit financial fraud.
Ransomware attacks are also among the most expensive, and experts track their high cost. However, the ransom a company pays during a ransomware attack is only part of the true cost of a phishing attack, according to the study, titled “The Cost of Phishing in 2021.”
“When people know that a company has paid millions of dollars to fix a ransomware problem, they think the company just has to pay a ransom to fix the problem to get it fixed,” said Larry Ponemon, president and founder of the Ponemon Institute. “Ransomware is only less than 20% of the cost of ransomware attacks.”
Since phishing attacks increase the potential for data breaches and business disruption, most of the costs businesses incur come from slowing productivity and problem-solving rather than the actual ransom being paid.
Productivity loss from phishing
Most of the cost of phishing attacks comes from lost productivity and recovery, along with investigation and compliance costs.
The study's table summarizes the number of hours that a medium-sized company spends each year on six tasks. The most time-consuming tasks in dealing with phishing messages are cleaning, repairing and investigating infected systems.
The study found that a medium-sized US company has 9,567 employees. For such a company, lost productivity amounts to 63,343 hours per year.
Each employee spends an average of 7 hours per year on phishing, up from 4 hours in 2015.
The researchers found that the average annual cost of phishing rose from $3.8 million in 2015 to $14.83 million in 2021.
Productivity losses increased from $1.8 million in fiscal year 2015 to $3.2 million in fiscal year 2021.
The annual cost of BEC attacks is estimated at $5.97 million. The average cost of a ransomware attack is estimated at $996,000.