Average phishing costs are £2.4 million – about half due to productivity losses

Ponemon Institute reveals that dealing with phishing attacks costs the average 10,000-employee company $3.77 million (GBP£2.4 million) a year.

CSO Online reports that the survey was conducted with 377 IT professionals and showed that about half of the cost was a result of productivity losses.

This is because the average employee spends over four hours a year on phishing scams.

The other costs can be broken down as follows:

  • 27% – responding to a data breach due to a compromised credential
  • 10% – direct costs of addressing compromised credentials
  • 9% – dealing with the risk of a data breach caused by malware
  • 6% – direct costs of containing malware

According to Ponemon, companies that implement staff awareness training see improvements of between 26% and 99% in their phishing email click rates.

The average improvement rate of staff awareness training programmes is 64%.

The 2015 Verizon Data Breach Investigations Report lists phishing as the second most common threat vector, causing about 25% of all data breaches last year.

IT Governance’s Phishing Staff Awareness e-learning course, combined with the Phishing Attack Simulation, can help companies avoid the risk of a data breach by increasing staff vigilance and knowledge of how to avoid phishing attacks.

