US companies lose $14.8 million annually to phishing attacks

But business email compromise (BEC) and ransomware attacks remain the most expensive threats


Phishing costs have almost quadrupled over the past six years as major US organizations lose an average of $14.8 million annually to the attacks, according to a new report.

The new study by Ponemon Institute found that the most expensive threats to businesses include business email compromise (BEC) and ransomware attacks. However, in BEC attacks, payments to hackers made up less than 20% of the total costs.

The survey of IT security practitioners found loss of productivity was one of phishing’s costliest outcomes. In an average-sized US corporation of 9,567 people, this translates to 65,343 wasted hours every year. Each employee loses an average of seven hours annually due to phishing scams, an increase from four hours in 2015, according to the study.

The Cost of Phishing report also found that the costs for resolving malware infections have more than doubled since 2015. The average total cost to resolve malware attacks is $807,506 in 2021, an increase from $338,098 in 2015.

BEC costs organizations an average of $5.96 million annually, of which only $1.17 million is payments organizations make to BEC attackers. The report added that BEC attacks could result in losses of up to $157 million from business disruptions if organizations aren’t prepared. Malware resulting in data exfiltration could cost businesses $137.2 million.


The report also found the average cost of ransomware last year was $5.66 million, and 17.6% of those attacks stemmed from phishing. The report said employee training and awareness programs on the prevention of phishing attacks can reduce costs. According to the research, the average annual cost of phishing scams is $14.8 million, an increase from $3.8 million in 2015.

The survey also found that credential compromises have increased, forcing organizations to spend more to respond to these attacks. The average cost to contain phishing-based credential compromises increased from $381,920 in 2015 to $692,531 in 2021. Organizations experienced an average of 5.3 compromises over the past 12-month period, the report said.

Ryan Kalember, executive vice president of cyber security strategy at Proofpoint, said with threat actors now targeting employees instead of networks, credential compromise has exploded, “leaving the door wide-open for much more devastating attacks like BEC and ransomware.”

“Until organizations deploy a people-centric approach to cybersecurity that includes security awareness training and integrated threat protection to stop and remediate threats, phishing attacks will continue,” Kalember added.
