Dive Brief:
- A new report from the Ponemon Institute found the average 10,000-employee company spends $3.7 million a year dealing with phishing attacks.
- About half of those costs are due to productivity losses.
- The average employee spends 4.16 hours a year on phishing scams, according to the Ponemon Institute.
Dive Insight:
The study found that 27% of the costs related to phishing scams involved responding to a data breach caused by a compromised credential; 10% involved the direct costs of addressing compromised credentials; 9% involved the risk of a data breach caused by malware; and the remaining 6% involved the direct costs of containing malware.
"Everyone understands the cost of a breach, and one of the biggest threat vectors is phishing," said Joe Ferrara, CEO at Wombat Security Technologies, which sponsored the report. "But I don't think anyone really had a handle on all the costs layered into it."
But companies that take the time to train employees on the dangers of phishing often see rewards, Ferrara said. The report found that training programs gave companies improvements of between 26% and 99% in their phishing email click rates.