Cisco Email Security Appliance X1070 White Paper
Cisco Security White Paper
Email Attacks: This Time It’s Personal
Combined Impact: The overall costs of spearphishing and
targeted attacks to organizations are substantially more than
their direct monetary loss to cybercriminals. Table 5 provides
results from the 361 organizations Cisco SIO researched.
Table 5: Overall Organizational Costs per Attack
*Per Infected User
While the costs can vary widely depending on the specific
organization and attack, one point is clear: The overall costs
to organizations can be significant. In addition, reputation
management and remediation efforts can create a strain on
the organization.
Conclusion
The increased number of low-volume targeted attacks has
impacted users in many organizations, regardless of industry,
geography and size. Their prevalence has caused both a
related increase in criminal financial benefit and impact on
victimized organizations. Organizations have to bear the
burden of not only the monetary loss but also the cost of
remediating infected hosts and the negative impact on
their brand reputation. With the number of targeted attacks
expected to increase, cybercriminal activity will continue to
evolve, as will its impact.
It’s clear that the shift in cybercriminal business models
has provided an interim benefit from lower threat activity.
Organizations are only partially able to appreciate the
reduction in cybercriminal activity, though, as their costs can
encompass far more than financial loss. To estimate these
total losses, Cisco SIO conducted primary research with 361
organizations located globally to understand their perspectives.
The organizational impacts of attacks can be categorized as
follows:
1. Financial
2. Remediation
3. Reputation
Financial: Financial loss directly to the cybercriminals can
range widely based on the specific attack; as a result,
organizations cannot estimate the loss.
Remediation: The remediation costs of spearphishing
and targeted attacks are incurred by victim organizations.
The administrative team must identify and remediate the
compromised hosts; this can be challenging given the
increasing use of surreptitious applications. Because of the
complexity of current targeted attacks and the underlying
malware, costs for remediation can be significant.
Remediation costs include the time required to address the
infected host and the corresponding opportunity cost of that
time. With the organizations surveyed, Cisco observed that
infected hosts take an average of two hours of dedicated
effort to resolve. The cost basis of two hours of effort per
resolution is specific to each organization, as is the
corresponding opportunity cost of that time.
Based on Cisco SIO research, organizations estimated that
the direct remediation cost per infected user is $640, or 2.1
times that of the direct monetary loss.
Reputation: The negative reputation impact of attacks can be
experienced over time by victim organizations and users. For
example, building a brand typically takes years, but a negative
event or news story, especially one that is highly visible, can
quickly tarnish a company’s image. The direct impact can be
a significant decline in business, sometimes even leading to
the organization’s demise.
Determining the true costs of adverse reputation impact can
be challenging, as is estimating the value of an organization’s
brand. Nevertheless, organizations have made it clear that
adverse events can impact their reputation, which in turn can
create a significant decline in business and shareholder value.
Based on Cisco SIO research, organizations estimated that
the reputation cost per infected user is $1,900, or 6.4 times
that of the direct monetary loss.
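| Size of Organization          | Monetary Loss* | Remediation Cost* | Reputation Cost* |
|-------------------------------|----------------|-------------------|------------------|
| Up to 1,000 users             | $327           | $558              | $2,346           |
| Between 1,000 and 5,000 users | $233           | $484              | $1,436           |
| More than 5,000 users         | $290           | $833              | $1,553           |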