Sep 21 2015

The Biggest Cost of Phishing Attacks Is Loss of Productivity, Not Data

A new survey finds that the steep costs of phishing attacks can be avoided through proper employee training.

What’s the cost of a phishing attack? A quick response might focus on the data stolen by the cybercriminal — and on any associated noncompliance fines, if customer data is compromised. But loss of productivity is another potential cost, according to the Ponemon Institute’s recent Cost of Phishing and Value of Employee Training study, sponsored by Wombat Security Technologies. In fact, according to this study, lost employee productivity is the largest cost associated with successful phishing attacks.

The study surveyed 377 IT and IT security practitioners in the United States, yielding the following cost estimates associated with phishing scams:

  • Cost to contain malware: $208,174
  • Cost of malware not contained: $338,098
  • Productivity losses from phishing: $1,819,923
  • Cost to contain credential compromises: $381,920
  • Cost of credential compromises not contained: $1,020,705
  • Total extrapolated cost: $3,768,820

While most people would love to wave a magic IT wand and find a technology solution for phishing threats, the most effective approach involves employee training. The Ponemon Institute study indicates that a comprehensive training program yields an average 64 percent improvement in employee avoidance of phishing attacks.

Organizations that use mock attacks and other awareness exercises to train employees to avoid phishing scams can expect a net long-term improvement of 47.75 percent. This results in an estimated cost savings of $1.8 million, or $188.40 per employee/user.


Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.