We’re always talking about the cost of phishing for businesses, but why? Well, you might be surprised to learn that the true costs of phishing aren’t as obvious as you may suspect.

Phishing, of course, is not a new problem. It’s in fact a very old problem that has its roots 20 years ago when people used floppy disks and moved from computer to computer in the good old days of the “sneakernet.”

While phishing is not a new problem, it remains a very viable threat to many organizations – particularly financial institutions, e-commerce companies and government organizations. Rarely a day goes by without a significant attack being reported in the news.

Despite existing layers of security, such as education and training, IDS/IPS, web gateway/web filtering, takedown vendors, etc., there is still a high success rate. It has been estimated that one of every 200 phishing attacks is successful. The average cost of a phishing attack is $150,00 to the organization. That is a significant amount of money.

Now, what may surprise you is that the smallest portion of that cost is the actual fraud. Damage to the reputation and cost of remediation actually account for almost ⅔ of the cost of phishing. Phishing is incredibly costly, and worse, the problem is growing at an alarming rate.