2022 October 1
The Business Cost of Phishing report reveals organizations with 25 IT and security professionals are spending more than $1 million per year to handle phishing
IRONSCALES, the leader in AI-powered email security and the fastest growing email security company in the world, today announced the results of a new study conducted by Osterman Research to quantify the direct costs borne by organizations in mitigating phishing threats, and to explore expectations about how phishing will change over the next 12 months. The report includes survey responses from more than 250 IT and security practitioners.
“This new report quantifies this impact in terms of the time and energy required to defend against the never-ending and ever-evolving onslaught of these attacks. It also reveals where practitioners feel these attacks will spread next.
The Business Cost of Phishing shows that IT and security teams spend one-third of their time handling phishing threats every week. Seventy percent of organizations spend 16-60 minutes dealing with a single phishing email message. On average, dealing with the threat of a single phishing email takes 27.5 minutes at a cost of $31.32 per phishing message. Most respondents expect the impact of phishing to get worse over the coming 12 months, with 67% expecting the time spent on phishing per week for IT and security teams to stay the same or increase.
“Organizations of all sizes and across all geographies continue to struggle with the impact of phishing attacks,” said Ian Thomas, vice president of Product Marketing at IRONSCALES. “This new report quantifies this impact in terms of the time and energy required to defend against the never-ending and ever-evolving onslaught of these attacks. It also reveals where practitioners feel these attacks will spread next.”
Phishing represents a significant threat to organizations. One-third of organizations indicate phishing is a “threat” or “extreme threat” due to the consequences such as loss of account credentials, business email compromise and data theft.
The dynamics of phishing attacks are changing. Eighty percent of organizations state that various dynamics of phishing have worsened or remained the same over the past 12 months. These dynamics were the number of phishing attacks (82 percent increased or stayed the same), the sophistication of phishing attacks (80 percent) and the ability of phishing attacks to bypass current detection mechanisms (79 percent).
Concerns with characteristics of phishing threats. A diverse set of increasingly sophisticated phishing threats are causing “concern” or “extreme concern” for organizations including use of adaptive techniques to create unique attributes for each phishing message (51 percent), use of compromised account credentials to hijack current email threads to send phishing threats (48 percent) and use of advanced obfuscation techniques to hide phishing threats (48 percent).
Phishing is spreading to other tools. Almost half of the respondents state that phishing is spreading to tools beyond email, including messaging apps (57 percent), cloud-based file sharing platforms (50 percent) and text messaging services (49 percent).
IRONSCALES is the leader in AI-powered email security protecting over 13,000 global organizations from advanced phishing threats. As the pioneer of adaptive AI, we detect and remediate attacks like business email compromise (BEC), account takeovers (ATO), and zero-days that other solutions miss. By combining the power of AI and continuous human insights, we safeguard inboxes, unburden IT teams, and turn employees into a vital part of cyber defense across enterprises and managed service providers. IRONSCALES is headquartered in Atlanta, Georgia. To learn more, visit www.ironscales.com or follow us on X @IRONSCALES.