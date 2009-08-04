TMCnet News
New Ponemon Institute Study Reveals Average Phishing Costs Soar to $14.8M Annually, Nearly Quadrupling Since 2015
SUNNYVALE, Calif., Aug. 17, 2021 (GLOBE NEWSWIRE) -- Proofpoint, Inc. (NASDAQ: PFPT), a leading cybersecurity and compliance company, and Ponemon Institute, a top IT security research organization, today released the results of a new study on the Cost of Phishing. The report reveals that the cost of phishing attacks have almost quadrupled over the past six years, with large U.S. companies losing an average of $14.8 million annually (or $1,500 per employee), up sharply from 2015’s figure of $3.8 million.
According to the study, which surveyed nearly 600 IT and IT security practitioners, the most expensive threats to businesses include BEC and ransomware attacks. But the costs to organizations extend far beyond the funds transferred to the attackers.
“When people learn that an organization paid millions to resolve a ransomware issue, they assume that fixing it cost the company just the ransom. What we found is that ransoms alone account for less than 20 percent of the cost of a ransomware attack,” said Larry Ponemon, Chairman and Founder of Ponemon Institute. “Because phishing attacks increase the likelihood of a data breach and business disruption, most of the costs incurred by companies come from lost productivity and remediation of the issue rather than the actual ransom paid to the attackers.”
Credential compromise (credential theft) generally precedes attacks like BEC and ransomware, usually in the form of an employee being “phished” into giving up their login credentials. According to the Anti-Phishing Working Group (APWG), phishing is a crime employing both social engineering and technical subterfuge to steal personal identity data and financial account credentials. The growth of phishing is not gradual – it’s growing exponentially, with the APWG estimating that phishing attacks doubled in 2020 alone.
Other key findings from the 2021 Cost of Phishing report include:
“Because threat actors now target employees instead of networks, credential compromise has exploded in recent years, leaving the door wide-open for much more devastating attacks like BEC and ransomware,” said Ryan Kalember, executive vice president of cybersecurity strategy, Proofpoint. “Until organizations deploy a people-centric approach to cybersecurity that includes security awareness training and integrated threat protection to stop and remediate threats, phishing attacks will continue.”
To download the Ponemon Cost of Phishing 2021 report, please visit: https://www.proofpoint.com/us/resources/analyst-reports/ponemon-cost-of-phishing-study
For more information on Proofpoint’s fully integrated Phishing solutions, visit: https://www.proofpoint.com/us/solutions/protect-against-phishing
