Phishing costs large businesses an average of $15 million a year

A security vendor commissioned the Ponemon Institute to survey nearly 600 IT and IT security practitioners to produce the latest phishing research report.

According to the report, large U.S. businesses lose an average of $14.8 million a year to phishing-related cybercrime, up from $3.8 million in 2015; the average cost of phishing for large U.S. businesses has soared 289 percent over the past six years.

Phished credentials are a common starting point for ransomware and business email compromise (BEC). Ransomware costs large enterprises $5.7 million annually, compared with $6 million for BEC, the study said. Phishing therefore costs more than ransomware and BEC combined.

While these are average figures, they can escalate rapidly in individual cases. Companies such as Cognizant, Sopra Steria, and Norsk Hydro have each suffered tens of millions of dollars in losses following ransomware attacks.

Larry Ponemon, founder of the Ponemon Institute, believes that the cost to a business after a ransomware attack may far exceed the ransom itself. He explained: “We found that ransomware alone accounts for less than 20% of the cost of a ransomware attack. Phishing attacks increase the likelihood of data breaches and business disruption for businesses, and companies spend more of their money to cover lost productivity and bug fixes, not actual ransom payments to attackers.”

According to Proofpoint, the cost of resolving malware infections has doubled since 2015, from $338,098 to $807,506.

However, it’s not just malware that affects profits. The report said the average cost of containing an initial credential phishing attack increased from $381,920 in 2015 to $692,531 in 2021. Businesses typically experience more than five such events per year.

Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, said: “As attackers now target employees rather than networks, credential breaches have exploded in recent years, opening the door to more damaging attacks such as BEC and ransomware. Organizations can only stop and remediate the threat of phishing attacks if they deploy a people-centric approach to cybersecurity, incorporating security awareness training and integrated threat protection.”
