Phishing attacks have been a consistent threat against enterprises, and new research shows that mitigating them is also costly. Some large organizations with robust security staff may spend as much as $1.1 million per year to mitigate phishing attacks. Phishing-related security activities take up roughly one-third of the total time available to security teams. A newly published report found that a single malicious message reported to IT staff can take a total of 27 minutes and $31 in labor to mitigate. The longer it takes to address the security risk, the higher the cost.
The cost of mitigating phishing attacks, coupled with the consequences of successful phishing attempts, leads about a third of organizations to recognize phishing as a threat to their business. Successful phishing attacks typically result in loss of account credentials, business email compromise, and data theft. The recent research comes from email security firm Ironscales and Osterman Research. Phishing is expected to remain a top threat to organizations, and the risks may become more extreme as threat actors craft more sophisticated campaigns and messages that are harder to detect and easier to fall for. The research states that enterprises should be alert and prepared to deal with more sophisticated phishing attacks.