Phishing Costs Rising Steadily

Written by Sue Walsh on December 25, 2008

Phishing is an estimated $3 billion a year industry, and the costs incurred by companies that fall victim to such attacks are rising steadily. So says a report by security monitoring firm Cyveillance. Among those costs are fraudulent charges on credit cards, customer support calls, cash withdrawals from hacked accounts, and employee time spent dealing with all of the above. Other costs that are more difficult to place a cash value on include damage to corporate reputations and branding and loss of customers.

“Phishing attacks can cost organizations anywhere from thousands to millions of dollars per attack in fraud-related losses,” the researchers contend in their report. “Although some of the costs can be measured easily, others are far more difficult to quantify; hard costs associated with phishing can be measured directly in terms of dollars, time and effort; soft costs are the intangible costs that are much more difficult to measure, [but] these costs can have a long-term impact on an organization’s brand.”

The report estimates that for every 500,000 phishing emails sent, 2,500 recipients will fall for it, resulting in a net cost to the affected company of $1800 per incident plus an additional $400 per person in related cleanup work. They offer these tips to help minimize losses and speed recovery from a phishing attack:

  • Identify the appropriate stakeholders and clearly communicate their responsibilities for responding to attacks
  • Make plans compatible with existing business processes and procedures
  • Create effective internal and external communications processes
  • Create a solid phishing response escalation path
  • Minimize or avoid negative customer experiences
  • Reduce financial losses associated with subsequent online fraud
  • Proactively protect your corporate reputation