Report shows the most valuable marketing channel is also the least secure, putting brand reputation, consumer trust, and revenue generation in jeopardy
Email drives more leads, conversions, and revenue than any other marketing channel, but it’s also the weapon of choice for cybercriminals around the world. New research from Return Path finds that the damage caused by email fraud goes far beyond the immediate impact to a brand’s reputation. Released today, Return Path’s Phishing: The Cost of Doing Nothing for Marketers demonstrates how phishing and spoofing attacks erode consumer trust, compromise the performance of legitimate email campaigns, and ultimately reduce marketing ROI.
According to the report:
- Phishing has real, direct costs. The average large company (defined as 10,000+ employees) spends $3.7 million annually to recover from phishing attacks, including lost productivity, customer service, and regulatory fines.
- Phishing damages engagement. Subscribers are less likely to trust a brand following a phishing attack. The report finds that when negatively impacted, average read rates dropped by up to 18 percentage points at Gmail and 11 percentage points at Yahoo.
- Phishing impacts deliverability. Following a phishing attack, mailbox providers are more likely to flag legitimate email as spam. Research shows that when negatively impacted, average inbox placement rates dropped by up to 10 percentage points at Gmail and 7 percentage points at Yahoo.
“The immediate cost of phishing is staggering, but the bigger impact comes from loss of trust,” said Estelle Derouet, VP Marketing, Email Fraud Protection at Return Path. “If your brand reputation is damaged by email fraud, customers won’t open your emails and mailbox providers may not deliver your messages to the inbox. When that happens, you’ve lost a revenue opportunity—both now and in the future.”
Marketers recognise the cost of email fraud, but are ill-equipped to act
While marketers understand the threat that email fraud poses, few brands are taking the necessary steps to fight back. Return Path’s research shows that 81 percent of marketers would be concerned or very concerned if customers received a malicious email that appeared to come from their brand. Yet only 32 percent of marketers say that securing the email channel is a top priority in 2016.
And perhaps more troubling, marketers are ill-equipped to fight phishing even if they wanted to. A full 76 percent of survey respondents say they have little to no visibility into email attacks on their brand.
“Email security is everyone’s responsibility,” continued Derouet. “As guardians of the brand and owners of the email channel, it’s time for marketers to join the fight against email fraud—and for CMOs to prioritise customer security.”
Mailbox providers are changing the game
Major mailbox providers like Google and Microsoft are taking action to crack down on companies that fail to follow best practices for email security. As of February 2016, Google is flagging emails that fail authentication by replacing company avatars with a red question mark, thereby removing the guesswork for their end users. Similarly, Microsoft now inserts a red safety notification at the top of known phishing messages and any message that fails authentication.
When consumers see these warnings, they are less likely to engage with both the individual email and the brand that sent it.
“When it comes to phishing, email authentication standards like SPF, DKIM, and DMARC are no longer optional. They are essential best practices for ensuring that legitimate email won’t be treated like spam,” added Derouet. “Any company not proactively securing their email channel today risks losing not only priceless brand loyalty but also marketing-generated revenue.”