Email Security Blog

Phishing Statistics: What an Attack Costs Your Business

If it seems like you’re hearing more often about data breaches, it’s not your imagination.

There has been a 64.4% increase in data breaches over the past six years.1

The number of phishing attacks grew by double digits last year alone and it shows no signs of slowing.1

The vast majority of cyber-attacks start with phishing emails. Whether it’s enticing someone to click on a malicious link, tricking them into giving up their credentials or opening up a pathway for cybercriminals to get inside your network, phishing practitioners can cause major problems for companies.

While many phishing attempts aim to steal data, cybercriminals are also changing or destroying data. Ransomware attacks, launched by a phishing email, encrypt data and hold it for ransom unless you pay a fee to get the key to recover your data. Crooks are getting inside networks and damaging core systems and controls that have long-reaching effects.

Small businesses are not immune to data breaches. One study showed that 28% of small businesses surveyed had experienced a data breach in the prior 12 months. Of those, 37% suffered a financial loss, 25% filed for bankruptcy, and 10% went out of business.2

Phishing Attack Statistics

Phishing emails are still the main weapon threat actors are using. The FBI reported cybercriminals stole more than $19 billion from companies in 2020 using phishing attacks and business email compromise.1 These are no longer isolated incidents

It happens to some of the biggest names in tech and business. Facebook and Google had $100 million stolen in a C-level phishing attack. Crelan Bank lost $75 million. Upsher-Smith was hit for $50 million. It cost more than $30 million for Ubiquiti Networks, Leoni AG, and Xoom.

The Average Cost of a Data Breach

Phishing attack statistics show that the average cost of a data breach in 2020 was $4.24 million. IBM’s 2021 Cost of a Data Breach report calculates that for data breaches, that works out to roughly $180 for each record that is compromised.3

Once hackers get into your system, it can take months before organizations even know they’ve become a victim. It takes an average of 287 days to ID and contains a breach. That means a January 1st breach would not be contained until October 14th. What’s worse is that the timeline varies by type of attack. If that same January 1st breach was a result of compromised credentials, it would not be contained until December 7th.

To further understand the potential costs of a data breach, imagine that a ransomware attack halted operations. The additional expenses - on top of what might be paid if your company decides to pay a ransom – to be considered will vary by industry, but could include:

  • Employee wages are paid while the staff is unable to work
  • Third-party assistance is needed to respond, repair and restore
  • Loss of business during the downtime
  • Loss of customers who choose to leave for a “more secure” competitor
  • Industry fines

Zero Trust

The weakest link in your cybersecurity is humans. Even when trained, people can still click on a malicious link or fail to recognize the dangers of a phishing email. That’s why you need to stop them from getting through in the first place.

In light of growing attacks, many organizations take a “Zero Trust” approach and rely on AI and analytics to continuously monitor potential phishing threats. And while every organization would benefit from taking a Zero Trust stance on their cybersecurity, only 35% of companies take this approach, and sadly, 43% have no plans to do so.3

What You Need To Know About Phishing And Email Security

You need a phishing attack solution that detects incoming phishing attempts and prevents them from getting through your defenses. It should disable malicious links and quarantine malicious emails. It should educate email users so they can recognize future problematic emails with bold, easily identifiable warnings.

A Phishing Attack Solution

INKY is the industry’s leading anti-phishing software solution. It employs artificial intelligence, machine learning, and computer vision to stop email phishing attacks that other software can’t.

Most anti-phishing software relies on blacklists of known threat actors. The bad guys know this and frequently change strategies, URLs, email, and IP addresses. INKY goes a step further by examining the email itself. It looks for potential discrepancies in company names and can even detect minute changes in logos down to the pixel level. It can detect realistic-looking forgeries that appear to come from legitimate companies that will pass through other software filters.

When it finds suspicious activity, it renders them harmless and displays bold warning messages inside the body of the email that can’t be missed. This banner both warns users and educates them.

The anti-phishing software that’s built into Exchange, Microsoft 365, and Google Workspace simply do not provide enough protection. They depend primarily on blacklists and content filtering. Content filtering flags keywords and common phrases used by phishing attacks but can easily miss more sophisticated attacks. INKY traces links before delivering them. It examines the destination and quarantines the link until it makes sure it’s safe.

Reduce your worries with INKY. Try your personalized demo now.


INKY® is the most effective hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the SINET 16 Innovation Award and was a finalist in the RSAC Innovation Sandbox Competition.