Security

The Biggest Cost of Phishing Attacks Is Loss of Productivity, Not Data

A new survey finds that the steep costs of phishing attacks can be avoided through proper employee training.

Twitter

Alexander Slagg is a freelance writer specializing in technology and education. He is an ongoing contributor to the CDW family of magazines.

What’s the cost of a phishing attack? A quick response might focus on the data stolen by the cybercriminal — and on any associated noncompliance fines, if customer data is compromised. But loss of productivity is another potential cost, according to the Ponemon Institute’s recent Cost of Phishing and Value of Employee Training study, sponsored by Wombat Security Technologies. In fact, according to this study, lost employee productivity is the largest cost associated with successful phishing attacks.

The study surveyed 377 IT and IT security practitioners in the United States, yielding the following cost estimates associated with phishing scams:

Cost to contain malware: $208,174
Cost of malware not contained: $338,098
Productivity losses from phishing: $1,819,923
Cost to contain credential compromises: $381,920
Cost of credential compromises not contained: $1,020,705
Total extrapolated cost: $3,768,820

While most people would love to wave a magic IT wand and find a technology solution for phishing threats, the most effective approach involves employee training. The Ponemon Institute study indicates that a comprehensive training program yields an average 64 percent improvement in employee avoidance of phishing attacks.

Organizations that use mock attacks and other awareness exercises to train employees to avoid phishing scams can expect a net long-term improvement of 47.75 percent. This results in an estimated cost savings of $1.8 million, or $188.40 per employee/user.

weerapatkiatdumrong/iStock/ThinkStockPhotos