Skip to main content

Organizations losing millions to phishing attacks each year

phishing
(Image credit: Image Credit: wk1003mike / Shutterstock)

Businesses are losing millions of dollars every year, falling victim to various phishing scams and ransomware attacks. This is according to a new report, jointly released by cybersecurity firm Proofpoint and research organization The Ponemon Institute.

According to the paper, based on a poll of more than 600 IT professionals, large US companies lose $14.8 million every year to phishing and ransomware on average. Compared to six years ago, this figure has quadrupled. 

The study says business email compromise (BEC) and ransomware attacks are the most expensive forms of assault. Both usually start with an employee’s credentials being taken through a successful phishing attempt.

What’s more, the losses extend far beyond money stolen; businesses also lose a lot on productivity, with 63,343 hours wasted every year due to these attacks. The cost for resolving malware infections has more than doubled since 2015, while the average cost to contain phishing-based credential compromises has increased from $380,000 in 2015 to almost $700,000 today.

What’s more, businesses are now forced to train their employees on cybersecurity best practices - another added cost.

“Because threat actors now target employees instead of networks, credential compromise has exploded in recent years, leaving the door wide-open for much more devastating attacks like BEC and ransomware,” said Ryan Kalember, EVP Cybersecurity Strategy at Proofpoint. 

“Until organizations deploy a people-centric approach to cybersecurity that includes security awareness training and integrated threat protection to stop and remediate threats, phishing attacks will continue.”