Email compromise could cost an organization up to $2 million: Report

Organizations are increasingly turning to software-as-a-service (SaaS) offerings to save money compared with on-premises applications. Improved security is also touted as a benefit, because the vendor looks after upgrades and patches.

However, a quarterly report issued Tuesday by international insurer Beazley Group is a reminder that the cloud doesn’t solve all security problems, such as employees falling for phishing scams. Email compromises accounted for 23 per cent of incidents reported to the Beazley Breach Response (BBR) Services team during the second quarter, says the summary. “Attacks targeting business email accounts continued to climb in the second quarter, particularly for organizations using Office 365,” it adds.

(Source: Beazley Group)

“For larger scale email compromises, if the majority of users sent and received PII (personally identifiable information) or PHI (personal health information), the total cost of legal, forensics, data mining, manual review, notification, call center and credit monitoring can exceed US$2 million,” the report notes. “And even for the smaller scale email compromises, the costs can easily exceed US$100,000.”

To give an idea of how those totals could be reached, the report cites a case study of an unnamed health system apparently running Office 365 that was hit by a widespread phishing campaign. The malicious email message included a link to an official-looking website where users were asked to enter their credentials. A forensic investigation revealed that approximately 20 users’ inboxes at the institution were compromised. Assuming the contents of all inboxes were downloaded, those mailboxes had to be searched for personal and health information of patients in case they needed to be notified. Upwards of 350,000 unsearchable documents were found, which then had to be reviewed manually. The legal fees, forensic costs, programmatic review, and manual review of documents alone cost just under US$800,000. The cost of notification to patients, call center and credit monitoring was an additional US$150,000.

In addition to using phishing as a weapon, the report notes more sophisticated attackers may exploit PowerShell to log in to Office 365 and do more extensive reconnaissance. “If they are able to compromise credentials for a user with the right administrative privileges, they may be able to search every single inbox for the entire organization.”

If two-factor authentication is available, email attacks can easily be prevented, the report notes. It also recommends disabling the ability for third-party applications to access Office 365, which can reduce the likelihood of an attacker using PowerShell for reconnaissance or other purposes.
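The two controls the report recommends, and whether password-only PowerShell logins are still accepted, can be checked from an administrator's session. The block below is an added example, not code from the report or the article; it assumes the MSOnline and ExchangeOnlineManagement modules are installed and that an admin has already connected with Connect-MsolService and Connect-ExchangeOnline.

```powershell
# Added example (not from the Beazley report or the article): a read-only audit of
# the controls the report recommends for an Office 365 tenant, plus a look at who
# has recently created inbox rules, a common action after a mailbox takeover.
# Assumes the MSOnline and ExchangeOnlineManagement modules are installed and that
# Connect-MsolService and Connect-ExchangeOnline have already been run as an admin.

# 1. Are users allowed to consent to third-party applications on their own?
$company = Get-MsolCompanyInformation
[pscustomobject]@{
    Check  = 'Users may consent to third-party apps'
    Value  = $company.UsersPermissionToUserConsentToAppEnabled
    Wanted = $false
}
# Remediation (left commented out so the audit stays read-only):
# Set-MsolCompanySettings -UsersPermissionToUserConsentToAppEnabled $false

# 2. Which licensed users have no per-user MFA requirement? (Only reflects legacy
#    per-user MFA; MFA enforced through Conditional Access is not visible here.)
$noMfa = Get-MsolUser -All |
    Where-Object { -not $_.StrongAuthenticationRequirements -or $_.StrongAuthenticationRequirements.Count -eq 0 } |
    Select-Object UserPrincipalName, IsLicensed
"Users without a per-user MFA requirement: $($noMfa.Count)"
$noMfa | Where-Object IsLicensed | Format-Table -AutoSize

# 3. Is basic (legacy) authentication still accepted for remote PowerShell?
#    A default authentication policy with every AllowBasicAuth* flag false blocks
#    password-only logins from scripts, the path the report describes for reconnaissance.
$policy = Get-OrganizationConfig | Select-Object -ExpandProperty DefaultAuthenticationPolicy
if (-not $policy) {
    'No default authentication policy: basic auth (including PowerShell) is still allowed.'
} else {
    Get-AuthenticationPolicy -Identity $policy |
        Select-Object Name, AllowBasicAuthPowershell, AllowBasicAuthImap, AllowBasicAuthPop, AllowBasicAuthSmtp
}

# 4. Inbox rules created or changed in the last seven days, tenant-wide.
#    Forwarding or delete rules added shortly after a new login are worth a closer look.
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -Operations 'New-InboxRule','Set-InboxRule' -ResultSize 500 |
    ForEach-Object { $_.AuditData | ConvertFrom-Json } |
    Select-Object CreationTime, UserId, Operation, ClientIP |
    Sort-Object CreationTime -Descending |
    Format-Table -AutoSize
```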


Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]