Risk Calculation for Breach by Phishing

Let’s look at a very simple calculation for risk:

Probability x Business Impact = Risk

Now substitute values that represent a breach occurring as a result of phishing. In 2020, 36% of breaches involved phishing, and that figure is likely to be higher for 2021. The business impact of a breach will vary by company and industry; we will use $500,000 in our example.

Phishing Probability x Business Impact of a Breach = Phishing Risk

36% x $500,000 = $180,000

In this example, the organization’s financial exposure to a phishing breach can be put at $180,000.

Measuring Risk Reduction

Now that we have the overall risk, we can measure how much it falls if we implement a control that reduces the probability of a successful phishing attack. In 2020, half of all social engineering attacks were identified by a monitoring service such as DomainGuard. We’ll use a more conservative 40% in the calculation that follows.

Phishing Risk x Reduction In Probability = Reduced Phishing Risk

$180,000 x 40% = $72,000

The $72,000 is the amount of risk removed by the control; the risk that remains is $180,000 minus $72,000, or $108,000. By having a monitoring solution like DomainGuard in place, your organization will on average reduce its phishing risk by 40%.
