Safeguarding Your Company and Personal Finances: The Real Cost of Phishing Attacks
By Jeff Weeks, Senior Vice President and Chief Information Security Officer
In an era where digital transactions are now the norm, it's more important than ever to understand the risks and costs of the malicious activities that are sent through emails, texts, and other messages. This article shines a spotlight on a growing concern that's impacting companies and individuals across the globe – phishing attacks. Let's dive in!
Phishing: A Deceptive Threat
Phishing attacks have been around for a long time, but the tactics have evolved, making them more sophisticated and harder to detect. The attacks typically involve cybercriminals sending fraudulent emails, messages (text, social media, chat), or links that appear legitimate to trick individuals into revealing sensitive information, such as login credentials, credit card numbers or personal details. No person or company is immune to these attacks.
The Toll on Companies and Individuals
Phishing attacks can have devastating consequences for any company, financially and in terms of reputation. According to IBM’s “Cost of a Data Breach Report 2023,” the cost per record of a data breach is approximately $165.1 The average cost of a data breach for a mid-size company (1,001 to 5,000 employees) in the United States increased nearly 20% year-over-year, from $4.06 million in 2022 to $4.87 million in 2023.
Here is a snapshot of the types of company costs included in this estimation:
- Financial Losses: When cybercriminals successfully execute a phishing attack, they can gain unauthorized access to accounts, initiate fraudulent transactions and siphon funds. The direct financial losses can be substantial.
- Operational Disruption: Recovering from a phishing attack often requires significant resources and time. IT teams must investigate the breach, remediate the vulnerabilities, and restore affected systems, leading to operational disruptions and potential downtime.
- Regulatory Fines and Legal Fees: Regulated companies, such as banks, may face fines if it is determined that the company did not follow reasonable industry standards to protect against breaches. In addition, impacted customers may sue the company directly.
- Customer Trust Erosion: Perhaps the most significant cost is the erosion of customer trust. A successful phishing attack can tarnish a company's reputation, leading to customer attrition and making it difficult to attract new clients.
Additionally, businesses incur other expenses such as external legal assistance to address a breach (a breach coach), forensic review, credit monitoring, issuing new accounts and costs of notifying affected parties.
Individual consumers can be hit hard by phishing attacks and often suffer:
- Financial losses.
- Damaged credit scores.
- Loss of personal information.
Defending Against Phishing Attacks
While the threat of phishing attacks is real, there are proactive steps you and your company can take to mitigate the risks:
- Training: Educate yourself and your staff and family members about the dangers of phishing and provide regular training on how to identify suspicious emails or links.
- Robust Email Filtering: Implement advanced email filtering solutions that can identify and block phishing attempts before they reach employees' inboxes. Check with your internet service provider for personal tools.
- Multi-Factor Authentication (MFA): Require MFA for accessing sensitive accounts and systems. This adds an extra layer of security even if login credentials are compromised.
- Regular Security Audits: Conduct frequent security audits and penetration testing to identify vulnerabilities and address them promptly. Check with your internet service provider for personal tools.
- Incident Response Plan: Develop a comprehensive incident response plan outlining steps to take in the event of a phishing attack. Practice and update the plan regularly. For individuals, back up your computer frequently.
Phishing attacks pose a significant threat to companies and individuals. By staying vigilant; educating yourself, family, and employees; and implementing robust cybersecurity measures; we are all better protected from the perils of phishing. A well-informed community is a resilient one.
Learn more about cybersecurity by visiting the FNBO Security Center.
About the Author
Jeff has been with First National Bank of Omaha for more than 20 years and is currently the Senior Vice President and Chief Information Security Officer. The executive leadership and oversight provided by Jeff in the development, management, and execution of information security for FNBO enables the company’s ability to posture and protect private, personal information, and assets of the company’s clients, employees, and business partners.
1 Derived from IBM’s study of hundreds of data breach events where 101,200 or fewer records were compromised.
The articles in this blog are for informational purposes only and not intended to provide specific advice or recommendations. When making decisions about your financial situation, consult a financial professional for advice. Articles are not regularly updated, and information may become outdated.