Investigation of Corporate Phishing Incidents Costs $4.86 Million Per Year

New figures from email security company Agari show organizations are now spending $4.86 million a year triaging, investigating, and responding to phishing incidents.

The Agari Q1 2019 Email Fraud & Identity Deception Trends report shows that on average, organizations are now having to investigate around 23,000 phishing incidents a year. Approximately half of the emails reported to security teams by employees are false positives, but they still take a toll. Those emails must be checked by incident response teams and the volume of emails can delay responses to genuine threats. Agari notes that it now takes approximately 6 hours to respond to each phishing incident, which costs an average of $253 per incident.

The most common tactic used in email attacks in the final quarter of 2018 was impersonation, which was used in 50% of email attacks. Microsoft is impersonated in 70% of those attacks, with other commonly impersonated brands including Netflix, FedEx, Amazon, and the Internal Revenue Service (IRS).

The reason that Microsoft tops the list is because cybercriminals are seeking credentials for Office 365 accounts, which can be used in account takeover attacks on other individuals in the organization and business contacts. Account takeover threats account for 20% of all inbound email attacks on employees. One third of advanced email attacks target C-level employees and use display names of trusted individuals.

The problem for businesses is most email security solutions struggle to identify email account takeover attacks because the emails are sent from a genuine, trusted internal email account or the account of a trusted business contact.

These attacks tend to be performed on high profile employees and executives. Their accounts can be used in BEC scams and can be highly lucrative, resulting in fraudulent wire transfers of hundreds of thousands of dollars. These attacks are also commonly used to obtain the W-2 Forms of employees, which are used in tax fraud and identity theft.

Given the increase in email-based attacks and the high cost of data breaches, an advanced email security solution is essential to make sure that the majority of these threats are blocked before any damage is caused.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of