Phishing Cause $3.77 Million Loss Annually to an Averaged Large Company

Cutimes.com reported on 26th August, 2015 stating that organisations incur costs due to successful phishing attacks which are mostly related to loss of productivity of employees and uncontrolled compromises of credentials which altogether amount to $3.77 million per year for an averaged sized organization.

Wombat Security Technologies based at Pittsburgh and Ponemon Institute based at Traverse City, Mich. published a key findings of a new report "The Cost of Phishing and Value of Employee Training."

In the report, Ponemon Institute found that the click rate of phishing email improved an average of 64% after security training. This improvement denotes change in behavior of employees who had been victim of phishing scams in the workplace before and after training. Ponemon calculates likely cost savings of $1.8 million or $188.4 per employee/user.

Ponemon revealed that employees waste on an average 4.16 hours in a year because of phishing scams and accordingly, it comes to wastage of 39,736 hours due to phishing for an averaged-sized organization (9,552 individuals with user access to corporate email systems). Productivity loss becomes $1,819,923 a year on the basis of an average labor rate of $45.8 for non-IT employees.

$381,920 is the average annual cost to contain a compromise of credential resulting from a successful phishing attack and an uncontained credential compromise might cost a company to the tune of $105.9 million.

Infosecurity-magazine.com published news in August quoting Larry Ponemon, Chairman and Founder of Ponemon Institute, as saying "While talking to security officers, we have come to know that many do not expect more benefit from employee training as part of their defense strategy to combat phishing attacks. The research proves that security officers expect more benefits from the employee education. As the threat continues to increase and phishing scams become more advanced, this research reveals that employees having security training are far less likely to fall victim to a phishing attack."

Betanews.com published news on 26th August, 2015 quoting Joe Ferrara, President and CEO of Wombat Security Technologies, as saying "This also proves that an overall security posture is multi-faceted and needs to educate employees to protect against increasingly more advanced phishing attacks which leave companies vulnerable to significant losses and disturbance to business."

» SPAMfighter News - 9/4/2015