


by CSO staff

This is how much spear phishing costs companies

Jan 13, 2016 (2 mins)

Despite spending an average of $319,327 on spear phishing prevention in the past 12 months, an estimated 28 percent of attacks are getting through and are costing companies dearly.


New research from messaging security provider Cloudmark and technology research company Vanson Bourne provides insight into IT professionals’ views on and experiences with spear phishing attacks, as well as the security and financial impact of these attacks on their organizations.

“With the wealth of information about individuals and organizations now available online, cybercriminals can easily craft targeted attacks to gain access to valuable personal and financial information. Spear phishing has emerged as one of the largest threats facing enterprises today,” said George Riedel, CEO of Cloudmark.

Vanson Bourne surveyed 300 IT decision makers at organizations with more than 1,000 employees in the U.S. and the U.K. to assess the impact of spear phishing attacks, as well as what measures enterprises were taking to combat them.

Highlights from the survey:

* Roughly 70 percent of respondents reported that their organization has implemented a specific solution to prevent spear phishing, investing an average of $319,327 over the past 12 months, focused primarily on anti-spam and anti-virus software as well as employee education. However, 84 percent estimated that a spear phishing attack had penetrated their organization’s security solution and, on average, respondents estimated that 28 percent of attacks are getting through.

* More than 80 percent of companies that experienced a spear phishing attack reported negative impacts to their businesses as a result. The biggest impacts were loss of employee productivity (41 percent), financial loss (32 percent), loss of company reputation (29 percent), damage to brand reputation (27 percent) and the loss of customers (25 percent) and intellectual property (25 percent). In addition, 15 percent reported a decrease in stock price as a direct result of spear phishing attacks. The financial impact of spear phishing over the last 12 months is estimated to be $1,644,119 on average.

* According to respondents, the employees most targeted in spear phishing attacks are IT staff (44 percent), financial staff (43 percent) and the CEO (27 percent). Respondents reported that their organization had suffered an average of 10 attacks involving the spoofing of a CEO for financial gain within the last 12 months.

* Of respondents whose organizations use staff training to prevent spear phishing, 61 percent reported that their organization provides ongoing training. On average, respondents’ organizations are testing their employees’ response to spear phishing attacks every four months. Despite routine testing, almost no respondents (3 percent) reported that all employees passed the most recent spear phishing test.
