The Rising Cost of Spam

moneyJust in case you thought spam was budget food, think again. A new report reveals the rising costs of cyber crime in the corporate world; and while it may not be the most expensive dish on the table, the spam that drives you bonkers is taking a chunk out of your corporate coffers.

There’s little doubt that the world is an increasingly expensive place in which to live, and ironically, modern technology is partially responsible. The devices that make our lives so much more livable (you know, the ones that make us smile while typing frenetically with our thumbs, walking along and praying not to embarrass ourselves) don’t come cheap, even though the phone company would like us to believe they’re doing us a huge favor by chopping $400 off the price of the latest superphone. A mere fifteen years ago, I can easily remember a $60 monthly bill with my cable and phone provider, yet today I gladly pay north of $300 for fiber optic TV and Internet, and the privilege of pausing a live football game, watching TV on my tablet from the patio, or surfing the net from the bathtub. Hmm…bathtub surfing…could be the next big Olympic event. But I digress.

True, all those gadgets and doodads that make life so much more tolerable come at a price. But have you ever considered just how much technology is really costing us? Well, you don’t need to wonder anymore, because the Ponemon Institute knows, and they’re sharing. In their just-released report, sponsored by ArcSight (an HP company) and entitled “Second Annual Cost of Cyber Crime Study: Benchmark Study of U.S. Companies”, the Institute lays out the cost of technology from a corporate perspective. Not surprisingly, the cost of cyber crime represents one great big payout for every company out there. While the study was limited to 50 U.S. companies, many of the companies were multinationals and it’s common sense that this information can be extrapolated on an international level.

Ponemon found that the average cost of cyber crime is $5.9 million per year, with a range of $1.5 million to $36.5 million each year per company. That’s one big matzo ball! One might be inclined to think that the average – $5.9 million – or even the high range of $36.5 million is peanuts to these companies, which probably pay that much for toilet paper. To put this in perspective, however, consider that Ponemon discovered a 56% increase in the median cost from the first study they conducted in 2010. Also consider that when you add up $5.9 million here and $36.5 million there, not over 50 companies but thousands of companies, the number becomes very, very large. Now consider that these companies don’t always absorb these costs – that is, like other corporate expenses, the costs can find their way into the selling price of that bottle of ketchup, television set and yes, even the latest superphone, for which the phone company is doing you a solid when they chop $400 off the price.

Also disturbing is Ponemon’s conclusion that cyber crimes are not only expected, they’re as frequent as Lindsay Lohan’s stints in rehab. The 50 companies reported a whopping 72 successful attacks per week, or 1.4 per company. Not surprisingly, the most common attacks were malicious code, DoS attacks, hijackings and malicious insiders, all of which accounted for more than 90% of attacks.

Spam: Tastes Good, Getting Expensive

What does this have to do with spam, you ask? When the 72 attacks per week are broken down, many of the attack types seem to indicate a linkage to spam. Of the nine types of attacks reported over a four week period, 100% of companies reported incursion by viruses, worms and Trojans; 96% reported malware; 82% botnets; 42% malicious code; and 30% reported phishing and social engineering attacks. And while the per-attack cost of phishing and social engineering – weighted by attack frequency – was nowhere near the most expensive attacks of DoS ($187,000 per attack) and web-based attacks ($141,000 per attack), it does represent a hefty $30,000 per attack. Considering the likelihood that the other attack types were most likely due in no small part to spam as their delivery method, there’s a significant cost associated with all those tempting offers that bombard our inboxes each day.

It’s probably fair to say that no one doubted the cost of spam, but wasn’t there a time when it was fairly cheap, even without the really expensive ketchup?

Leave a Reply