Costs from phishing attacks have tripled since 2015. The average annual cost of phishing has increased from $3.8 million in 2015 to $14.8 million in 2021. This is because phishing has a low entry barrier for cybercriminals with a high-value return. These emails are very easy to create, require little technical knowledge and, most importantly, depend solely on one user clicking to succeed.
Phishing attacks not only have direct financial consequences; they also increase the likelihood of a data breach, reduce employee productivity and increase the likelihood of a business disruption, all of which add further cost. In fact, huge amounts of time and investment are spent dealing with the consequences of a phishing scam. Employee productivity losses are among the costliest to organizations, increasing from an average of $1.8 million in 2015 to $3.2 million in 2021.
Notably, ransom payments themselves are a small share of the overall losses from ransomware. Ransomware annually costs large organizations $5.66 million; of that, only $790,000 is the paid ransoms themselves. The costs these attacks inflict extend well beyond the ransom.
Security training and awareness programs are the best remedy for addressing the dangers posed by phishing attacks. According to respondents, these programs can reduce phishing expenses by more than 50 percent on average. Users are a critical target in phishing attacks and the best defense is a people-centric approach to security.
The Ponemon Institute's 2021 Cost of Phishing Study, sponsored by Proofpoint, surveyed 600 IT and IT security practitioners to better understand the risk and financial consequences of phishing. For the first time, this year's study looks at the threats and costs created by business email compromise (BEC), identity credentialing and ransomware in the workplace.