New Study Finds Phishing Represents a Huge Time and Expense Burden for Organizations

The Business Cost of Phishing report reveals organizations with 25 IT and security professionals are spending more than $1 million per year to handle phishing

IRONSCALES, the leader in AI-powered email security and the fastest growing email security company in the world, today announced the results of a new study conducted by Osterman Research to quantify the direct costs borne by organizations in mitigating phishing threats, and to explore expectations about how phishing will change over the next 12 months. The report includes survey responses from more than 250 IT and security practitioners.

The Business Cost of Phishing shows that IT and security teams spend one-third of their time handling phishing threats every week. Seventy percent of organizations spend 16-60 minutes dealing with a single phishing email message. On average, dealing with the threat of a single phishing email takes 27.5 minutes at a cost of $31.32 per phishing message. Most respondents expect the impact of phishing to get worse over the coming 12 months, with 67% expecting the time spent on phishing per week for IT and security teams to stay the same or increase.

“Organizations of all sizes and across all geographies continue to struggle with the impact of phishing attacks,” said Ian Thomas, vice president of Product Marketing at IRONSCALES. “This new report quantifies this impact in terms of the time and energy required to defend against the never-ending and ever-evolving onslaught of these attacks. It also reveals where practitioners feel these attacks will spread next.”

Marketing Technology News: Bombora’s Intent Data Helps Inbox Insight Get Content to a Customer’s Hungriest Buyers

“Organizations of all sizes and across all geographies continue to struggle with the impact of phishing attacks”

Key Findings

Phishing represents a significant threat to organizations. One-third of organizations indicate phishing is a “threat” or “extreme threat” due to the consequences such as loss of account credentials, business email compromise and data theft.

The dynamics of phishing attacks are changing. Eighty percent of organizations state that various dynamics of phishing have worsened or remained the same over the past 12 months. These dynamics were the number of phishing attacks (82 percent increased or stayed the same), the sophistication of phishing attacks (80 percent) and the ability of phishing attacks to bypass current detection mechanisms (79 percent).

Concerns with characteristics of phishing threats. A diverse set of increasingly sophisticated phishing threats are causing “concern” or “extreme concern” for organizations including use of adaptive techniques to create unique attributes for each phishing message (51 percent), use of compromised account credentials to hijack current email threads to send phishing threats (48 percent) and use of advanced obfuscation techniques to hide phishing threats (48 percent).

Phishing is spreading to other tools. Almost half of the respondents state that phishing is spreading to tools beyond email, including messaging apps (57 percent), cloud-based file sharing platforms (50 percent) and text messaging services (49 percent).

Marketing Technology News: MarTech Interview with Zohar Bronfman, CEO and Co-Founder at Pecan


Gauge phishing awareness among employees using surveys and incorporate phishing material in future training materials to compensate for any knowledge gaps and reduce the susceptibility to these fraudulent emails.
Use the principle of least privilege access to ensure that even if an employee’s account gets compromised, your attack surface is minimized by restricting access levels to only what’s necessary for job functions and duties.
Use phishing simulation and training exercises to give employees practical opportunities at improving their ability to detect social engineering techniques common across various types of attacks.
If you have a BYOD policy that allows employees to connect their smartphones to your corporate network and apps, update the policy to include specific tips and guidance for employees in ensuring they don’t fall victim to text-based scams

buy modafinil online where to buy modafinil