Commissioned by IRONSCALES

Published October 2022

Executive Summary

Phishing is a type of cybersecurity attack experienced by all organizations. Successful attacks result in lost account credentials, fraud, and data theft. Preventing successful attacks is proving costly for organizations, with phishing- related activities consuming one third of the total time available to IT and security teams. On average, organizations spend almost 30 minutes dealing with each phishing email identified in their email infrastructure.

The purpose of this research was to quantify the direct costs borne by organizations in mitigating the phishing threat, and to explore expectations about how phishing will change over the next 12 months.