Phishing Costs Companies over $411 Million per Alert

By Alex Tajirian
Alex Tajirian

Phishing blindsides businesses' best defenses and takes a toll whose price tag still hasn't been pinned down. Here's one estimate: $441 million per attack, according to a recent study of the cybercrime's effect on stock market data (market value, volume of shares traded, and stock volatility) of global firms. The authors use "event studies" techniques (i.e., analyzing the impact of specific types of events on companies' market performance) to analyze nearly 2,000 phishing alerts (emails sent to customers of public companies, or warnings about phony websites trying to dupe customers) by 259 companies in 32 countries over a recent four-year period. (Two side notes: the study finds that phishing hits financial companies the worst, and that it takes a bigger toll on foreign companies' stock prices than on U.S. companies'.)

The authors say their estimate may be on the low side because the study leaves out the targeted companies' indirect costs: providing additional support to victims of the crime, dealing with angry customers, and losing potential customers because of bad publicity.

To counter phishing, the authors say, companies should:

For its part, the domain name industry should be more proactive in fighting phishing, especially schemes that involve typo domain names. For one thing, the Trademark Clearinghouse (TMCH) database can be expanded to include brand-name typos, whereby before a domain name's registration is finalized, a warning is flashed that the desired name may be a trademark violation and that the mark holder may legally request that you surrender the domain name with no compensation. If the warning is ignored and the registration is completed, the mark owner is notified. Of course, such an automatic right for mark owners requires new legal authorization, but makes it more expensive for infringing registrants. However, the added cost of monitoring by mark owners will be negligible compared to their benefits.

By Alex Tajirian, CEO at DomainMart

Related topics: Cybersecurity, New TLDs