A report by Wombat Security Technologies shows that an average-sized organization can lose up to $3.77 million / €3.34 million per year due to phishing attacks.
The report, based on 377 US organizations, breaks down the costs of phishing attacks as follows:

| Summarized calculus on the cost of phishing | Estimated Cost |
|---|---|
| The cost to contain malware | $208,174 |
| The cost of malware not contained | $338,098 |
| Productivity losses from phishing | $1,819,923 |
| The cost to contain credential compromises | $381,920 |
| The cost of credential compromises not contained | $1,020,705 |
| Total extrapolated cost | $3,768,820 |

As the table shows, the largest share of the losses comes from employees having to remediate or mitigate phishing attacks instead of doing their jobs.
These productivity losses account for 48% of the total average phishing costs and correspond to each employee spending 4.16 hours per year dealing with phishing-related problems.
When a phishing attack succeeds and the attacker launches malware on the company's network, the losses increase as well, with the biggest losses coming from the time spent investigating and cleaning the infected systems.
Additionally, the report highlights that uncontained malware attacks can cause total industry losses as high as $105 million / €93 million if the result is data exfiltration.