Email Security Blog

Phishing Statistics: What an Attack Costs Your Business

If it seems like you’re hearing more often about security breaches, it’s not your imagination.

There has been a 67% increase in security breaches over the past five years.

The number of phishing attacks grew by double digits last year alone and it shows no signs of slowing.

The vast majority of cyber-attacks start with phishing emails. Whether it’s enticing someone to click on a malicious link, trick them into giving up their credentials, or open up a pathway for cybercriminals to get inside your network, phishing practitioners can cause major problems for companies. 

While many phishing attempts aim to steal data, cybercriminals are also changing or destroying data.  Ransomware attacks, launched by a phishing email, encrypt data and hold it for ransom unless you pay a fee to get the key to recover your data. Crooks are getting inside networks and damaging core systems and controls that have long-reaching effects.

Phishing Attack Statistics

Phishing emails are still the main weapon threat actors are using. The FBI estimates cybercriminals have stolen more than $12 billion from companies over a five-year span using phishing attacks and business email compromise. These are no longer isolated incidents. A study by the University of Maryland concluded that an attack occurs on average every 39 seconds.

The translates into more than 156 million phishing emails being sent every day. As many as 16 million of them make it through company filters and half of those get opened by recipients. 80,000 people are the victims of malicious activity each day from phishing emails. 

It happens to some of the biggest names in tech and business. Facebook and Google had $100 million stolen in a C-level phishing attack. Crelan Bank lost $75 million. Upsher-Smith was hit for $50 million.  It cost more than $30 million for Ubiquiti Networks, Leoni AG, and Xoom.

It’s not just big businesses that are the targets of these attacks. Nearly half of all small businesses have been attacked with disastrous results. 60% of small and medium-sized businesses that get hacked go out of business after just six months.

The Average Cost of a Data Breach

Phishing attack statistics show that the average cost of a data breach in 2018 was $3.9 million. IBM’s 2019 Cost of a Data Breach report calculates that for data breaches, that works out to roughly $150 for each record that is compromised.

Once hackers get into your system, it can take months before organizations even know they’ve become a victim. It takes an average of 279 days to ID and contain a breach. From the time a breach occurs until it’s eradicated can take 314 days. That’s more than 10 months.

A study of nearly a thousand cyber attacks by Accenture determined the cost of dealing with cyberattacks, malware, and phishing attacks grew 12 percent from the year before and 72% from five years ago. The costs can last for years. While two-thirds of the cost to deal with a breach comes in the first year, they will be clean up expenses typically for another two years down the road.

Take Action Against Phishing

In light of these growing attacks, 87% of business and IT executives agree that organizations must take proactive steps and rethink their approach to security. That approach starts with a robust phishing attack solution.

The weakest link in your cybersecurity is humans. Even when trained, people can still click on a malicious link or fail to recognize the dangers in a phishing email. That’s why you need to stop them from getting through in the first place.

What You Need To Know About Phishing And Email Security

You need a phishing attack solution that detects incoming phishing attempts and prevents them from getting through your defenses. It should disable malicious links and quarantine malicious emails. It should educate email users so they can recognize future problematic emails with bold, easily identifiable warnings.

A Phishing Attack Solution

INKY is the industry’s leading anti-phishing software solution. It employs artificial intelligence, machine learning, and computer vision to stop email phishing attacks that other software can’t.

Most anti-phishing software relies on blacklists of known threat actors. The bad guys know this and frequently change strategies, URLs, email, and IP addresses. INKY goes a step further by examining the email itself.  It looks for potential discrepancies in company names and can even detect minute changes in logos down to the pixel level. It can detect realistic-looking forgeries that appear to come from legitimate companies that will pass through other software filters.

When it finds suspicious activity, it renders them harmless and displays bold warning messages inside the body of the email that can’t be missed. This banner both warns users and educates them.

The anti-phishing software that’s built into Exchange, Microsoft 365, and Google Workspace simply do not provide enough protection. They depend primarily on blacklists and content filtering. Content filtering flags keyword and common phrases used by phishing attacks but can easily miss more sophisticated attacks. INKY traces links before delivering them. It examines the destination and quarantines the link until it makes sure it’s safe.

Reduce your worries with INKY. Try your personalized demo now.

This blog was updated in November 2021. 


INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and a finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.