Risk Calculation for Breach by Phishing
Let’s look at a very simple calculation for risk:
Probability x Business Impact = Risk
Substitute values that represent the total risk if a breach were to occur as a result of phishing. In 2020, 36% of breaches involved phishing, and that number is likely to be higher for 2021. The business impact of a breach will vary by company and industry; we will use $500,000 in our example.
Phishing Probability x Business Impact of a Breach = Phishing Risk
36% x $500,000 = $180,000
In this example, the organization’s financial risk from a phishing breach can be measured at $180,000.
Measuring Risk Reduction
Now that we have our overall risk, we can measure the reduction in risk if we were to implement a control that lowers the probability of a phishing attack. In 2020, half of all social engineering attacks were identified by a monitoring service, such as DomainGuard. We’ll use 40% as an approximation for the following calculation.
Phishing Risk x Reduction In Probability = Phishing Risk Reduction
$180,000 x 40% = $72,000
By having a monitoring solution like DomainGuard in place, on average your organization will reduce its phishing risk by 40%.
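The two calculations above, written out as reusable functions so the same model can be applied to other threat scenarios and candidate controls. This is an added example, not code from the article or from DomainGuard; it uses the article's own figures (36%, $500,000, 40%) as the worked input, adds residual risk (what remains after the reduction) as a derived value, and the alternative control names and percentages in the comparison are constructed for illustration only.

```python
"""Risk = Probability x Business Impact, and the reduction a control buys.

Added example (not the article's or DomainGuard's code). The phishing
figures match the article; every other number is constructed."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    probability: float      # 0..1, e.g. share of breaches involving this vector
    business_impact: float  # cost of one breach, in dollars


def _check_fraction(value: float, label: str) -> None:
    """Probabilities and reductions are fractions; reject anything else early."""
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{label} must be between 0 and 1, got {value}")


def risk(s: Scenario) -> float:
    """Probability x Business Impact = Risk (dollars)."""
    _check_fraction(s.probability, "probability")
    if s.business_impact < 0:
        raise ValueError("business impact cannot be negative")
    return s.probability * s.business_impact


def risk_reduction(s: Scenario, reduction: float) -> float:
    """Risk x Reduction In Probability = dollars of risk removed by a control."""
    _check_fraction(reduction, "reduction")
    return risk(s) * reduction


def residual_risk(s: Scenario, reduction: float) -> float:
    """Risk left over after the control is in place (derived, not in the article)."""
    return risk(s) - risk_reduction(s, reduction)


def compare_controls(s: Scenario, controls: dict[str, float]) -> list[tuple[str, float, float]]:
    """Rank candidate controls by dollars of risk removed, highest first.

    Each row is (control name, risk removed, residual risk)."""
    rows = [(name, risk_reduction(s, r), residual_risk(s, r)) for name, r in controls.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# The article's worked scenario: 36% of breaches involved phishing, $500,000 impact.
PHISHING = Scenario("phishing", 0.36, 500_000)

# Constructed candidate controls (hypothetical reduction percentages, not real product claims).
CANDIDATE_CONTROLS = {
    "domain monitoring": 0.40,   # the article's 40% approximation
    "user awareness training": 0.25,
    "no control": 0.0,
}

if __name__ == "__main__":
    print(f"phishing risk:      ${risk(PHISHING):,.0f}")
    print(f"risk removed (40%): ${risk_reduction(PHISHING, 0.40):,.0f}")
    print(f"residual risk:      ${residual_risk(PHISHING, 0.40):,.0f}")
    for name, removed, left in compare_controls(PHISHING, CANDIDATE_CONTROLS):
        print(f"{name:24} removes ${removed:>10,.0f}, leaves ${left:>10,.0f}")
```

The residual figure is the one to carry into a budget discussion: a control that removes 40% of a $180,000 risk still leaves $108,000 on the table, which is what justifies layering a second control on top of the first.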