Phishing Survey Finds Businesses Waste $2 Million a Year Chasing False Positives

Fareed Bukhari February 12, 2019 Data Breach

If US-based companies don’t start automating phishing incident response processes within their SOCs, they could be SOL, according to new data captured in our Q1 2019 Email Fraud & Identity Deception Trends Report.

That’s because while businesses strive to implement security controls to prevent phishing attacks and any subsequent data breaches, the Security Operations Centers they rely on to remediate incidents are being overwhelmed. As a result, otherwise-preventable financial losses could soon skyrocket.

In fact, when we surveyed 304 organizations as part of our new trends report, we discovered that the average SOC is hit with 23,063 possible phishing incidents each year—and that’s just the ones that are reported by employees. This is costing SOCs an average of $4.86 million to triage, investigate, and remediate.

Unfortunately, when you dig under the surface of this data, any expectations that manual response processes can keep up with a growing volume of advanced email attacks just don’t add up.

Chasing Phantom Phish

To understand why, let’s start with the survey itself, which included 222 US-based organizations and 82 based in the UK, ranging in size from 1,000 to 209,000 employees.

In all, respondents report that 98% of the employees at their organizations have the ability to report phishing attacks, and often even have a convenient button or an abuse inbox to forward suspicious messages to their organization’s SOC.

Out of those 23,063 phishing incidents per year, respondents say half turn out to be false positives. Which means roughly half of the $4.9 million SOCs spend each year to remediate issues is wasted. But the problem is even bigger than that.

As it stands now, it takes a SOC analyst an average of 4.9 hours to triage, investigate and, if needed, remediate each phishing incident. That means the average SOC needs at least 54 analysts to handle the average number of phishing incidents each organization faces per year. But today, the average number of SOC analysts per company is 12.5. That’s a staffing gap of 41.5 full-time equivalents.

As a result, many organizations fail to detect phishing incidents that result in fraud or breaches. And the price tag is adding up fast.

Death by a Thousand Data Breaches

Just look at the numbers. According to the 2018 Verizon Data Breach Investigations Report (DBIR), 96% of all data breaches start with a phishing email.

For US-based organizations, the average cost of a data breach now runs $7.9 million, and the probability of a breach occurring within the next year is 14%, according to the 2018 Global Cost of Data Breach from Ponemon Institute. If you multiply the average breach cost of $7.9 million by a probability of 14%, the annual “breach risk” per organization equals just over $1.1 million.

That’s on top of that average $4.86 million in SOC expenses—putting the total annual cost of phishing response at an average $5.96 million per company. A big part of the issue is the fact that while the average breach results in exfiltration of data within minutes or hours, it takes an average of 90 days before a breach is discovered. This is likely a symptom of those understaffed SOCs and inefficient, mostly-manual processes for handling phishing incidents.

Ideally, SOC analysts would be able to triage, investigate, and remediate reported phishing incidents within minutes, enabling the business to identify and contain legitimate data breaches fast enough to disrupt or even prevent data exfiltration. But how?

Automation Makes All the Difference

As part of our survey, we asked respondents how much reducing the response time required for phishing incident response would cut their breach risk.

Overall, respondents feel they could achieve a 50% reduction in their breach risk related to phishing by automating the processes involved with phishing incident response. That’s a total of a $551,025 decrease in that average annual breach risk of $1.1 million. And that’s just for starters.

Based on results we’ve observed with our own enterprise customers, we were able to determine that automated phishing incident response processes can reduce the time needed to triage, investigate, and remediate phishing attacks by 90%. That represents an additional $4.37 million in savings. In fact, together with reduced breach risk, automation can result in an average of $4.92 million in savings per company.

Check out this online calculator to estimate the savings automated incident response might bring to your own operations. Overall, the findings mirror real-world results we’re seeing with enterprise customers using Agari Phishing Response, a one-touch solution designed to automate and accelerate triage, forensics, remediation, and breach containment by up to 95%.

The Battle Ahead

The fact is, automating incident response may no longer be just optional. Phishing attacks aren’t going away anytime soon. And the costs will only get worse. Indeed, depending on the outcome of current court cases, your company could face even greater legal and financial jeopardy from data breaches—regardless of whether anyone ever suffers damage from them.

As it stands now, a quarter of IT and security leaders expect to experience a major breach in the next year. And the targeted email attacks that can lead to such breaches will continue to be the #1 cybersecurity challenge organizations face in 2019.

For those looking to beef up their defenses, modern, AI-based solutions that can stop phishing emails from ever reaching their targets can be a smart place to start. Those that automate and accelerate incident response for attacks that do get through are clearly another.

Learn more about the phishing survey conducted by Agari in the Q1 2019 Email Fraud and Identity Deception Trends report. 
