The Cost of Anti-phishing Software Compared to Cyberinsurance
Quick Answer
Baltimore's 2019 ransomware incident cost over 18 million dollars in recovery against a 76,000 dollar ransom they refused to pay. Their post-incident cyberinsurance: 835,000 dollars per year in premiums plus two 1 million dollar deductibles, so a second incident would run roughly 3 million dollars out of pocket. Compare that to anti-phishing email security at roughly 15 cents per mailbox per month: protecting Baltimore's 13,683 employees would cost under 2,000 dollars per month, or about 24,000 dollars per year. The 3 million dollars Baltimore now budgets in coverage and deductibles would buy them roughly 118 years of protection that prevents the ransomware from arriving in the first place. Insurance pays for the cleanup. Email security stops the email.
When it comes to getting hit by ransomware, it doesn’t get much worse than the city of Baltimore. When the city was hit earlier this year, it apparently had neither anti-phishing software protecting its email accounts nor cyberinsurance to fall back on if an attack got through. And because the city has refused to pay the ransom ($76,000), it has spent in excess of $18 million restoring systems to date.
Now, in a case of too-little-too-late, the city has belatedly decided to purchase cyberinsurance against such attacks in the future. And how much does the insurance cost? That’s where things get interesting.
The cost for $20 million of cyberinsurance coverage, ostensibly to cover the $18 million in costs the city experienced in this attack, is $835,000 per year. But that’s not the only cost. That coverage comes with two $1 million deductibles. So, should Baltimore get hit again, they’d be on the hook for close to $3 million, counting the annual premium and both deductibles.
Now, let’s compare the cost of cyberinsurance to the cost of anti-phishing software. You know, software that can keep you from getting hit by ransomware in the first place.
According to the city of Baltimore’s website, the city has 13,683 employees, each of whom we assume has their own email address. What’s the cost to protect that many email accounts? A good estimate would be about 15¢ per account per month. And when you do the math, that comes out to less than $2,000 per month to protect every city employee from phishing emails, 93% of which contain ransomware. Let that sink in. $2,000 per month compared to almost $3 million.
What would that $3 million buy in terms of anti-phishing software for 13,683 employees? How about 118 years of protection.
It’s the difference between fire insurance and a smoke detector. You want fire insurance, go ahead and get some. But do yourself a favor, install one of those cheap smoke detectors too to keep your house from burning down in the first place.
When you’re ready to keep your digital house from burning down, get phishing protection from DuoCircle. It sets up in 10 minutes, costs pennies per account per month and comes with 24/7 live technical support. Don’t be the next Baltimore.
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

