15 March 2008
Late last year, Consumer Reports determined by survey that one in 81 Americans got phished in 2007. The average phishing victim lost $200.
What does this mean for you?
People who assess risk often talk about “expected costs”, which they calculate by multiplying the probability of an event by its cost. The expected cost, then, of getting phished in a given year is 1/81*200 = $2.50.
How can we make sense of the $2.50 figure? One way to think about it is this: it is the amount you would have to pay an insurance company each year for them to be willing to pay out your losses to phishing, should they occur. If the insurance company covered all Americans at this rate, they would break even on their costs.
Seen this way, the threat of phishing isn’t that great. The danger of identity theft when phishers get your bank account information is perhaps greater, but the actual monetary loss, at least on average, is minimal.