Spam Losses Average $1934 Per Employee Per Year

by Hinesh Jethwani    Jun 18, 2004

To gauge the impact that new anti-spam technologies have caused since 2003, Nucleus Research interviewed employees at 82 Fortune 500 companies. The results are shocking: End users are receiving more than twice as much spam as they did 10 months ago, with the average cost of spam per employee per year climbing to a staggering $1934.

Do Indian enterprises realize the threats and losses linked with spam? Niraj Kaushik, country sales manager, Trend Micro India, said, “With the rapid growth of the Internet, email has undoubtedly become an indispensable service for enterprises. However, with the widespread adoption of email, a new headache has been created for corporate IT administrators, which raises legal issues, impacts network efficiency, and affects employee productivity. Spam is a big nuisance in the corporate world today. Large amount of spam consumes the company’s network storage, impacts an organization’s resources to handle legitimate Internet email, and increases email system costs.”

“Analysts predict that left unchecked, spam and junk will comprise over 50% of corporate e-mails by 2004. Further, proliferation of pornographic, racist, commercial and bulk spam is causing grave workplace liability concerns,” added Kaushik.

Divulging more spam statistics, Kaushik explained, “As per some market reports, more than 40% of all mails globally are spam mails. Studies indicate that the time spent per person tackling spam mails ranges from 1 minute to 90 minutes per day, with an average of 6.5 minutes. This could translate to an average annual cost of over $1500 per employee.”

CXOtoday tried to get a user perspective, by quizzing Punjab National Bank (PNB) about the extent of threats and losses that spam mails impose.

Ashok K Agarwal, chief- information security, PNB, IT Division, said, “Threats imposed by spam are bandwidth congestion, increased bandwidth utilization and slow data transfer during communication. We are using an Infinet network for corporate email messages, which is managed by IDRBT, Hyderabad. IDRBT is using anti-spam filters to address these threats. We have so far not incurred any reported loss due to spam.”

“To protect ourselves against spam, we are also using a gateway level anti-virus software known as Groupshield for monitoring mails that may contain worms or any other malicious payload,” added Agarwal.

Respondents to the Nucleus survey reported an average of 29 e-mails a day, against last year’s survey average of 13 e-mails. The average amount of productivity lost to spam has gone up accordingly, from 1.4 percent in 2003 to 3.1 percent in 2004. However, the impact of filtering technology on the volume of spam has dropped from 26 to 20 percent.

Even though spam filters have become more sophisticated since last year, sheer growth in messages sent by spammers and corporate hesitation to set aggressive filters, were among key factors driving the figure.

Nucleus found that end users at companies having deployed an enterprise wide spam filters received 20 percent less spam, on an average, than companies that had no filtering tools deployed. The statistic points to the clear ROI opportunities from spam-filtering tools. Regaining even a small portion of the productivity, bandwidth, hardware, and other resources hogged by spam can easily justify the costs of the technology in most situations.

A striking fact is that whereas spam filters were reducing the impact of spam by 26 percent on average in 2003, that number has dropped to 20 percent today.

Therefore, for the vast majority of companies, Kaushik strongly recommended the purchase of companywide spam filters and an aggressive upgrade strategy to ensure that they are using the most current functionality.

Nucleus suggested two possible trends to explain the decline. Firstly, many IT administrators have shied away from configuring spam filters to more aggressive levels, for fear of deleting legitimate e-mail. Secondly, the sheer volume of spam is increasing exponentially — a factor outside the control of technology vendors.

As an estimate of the annual cost of spam, $1934 per employee per year is relatively conservative — it does not recognize the dollar expense of IT personnel, software, CPU hardware, and bandwidth hogged by spam. The figure also doesn’t account for the less visible layer of costs associated with spam, like the negative impact of virus-triggered network outages on customer satisfaction or increased corporate exposure to harassment suits.

On average, respondents estimated that the cost of spam per employee per year is $220. Based on actual customer data, Nucleus determined the productivity cost of spam alone is as high as $1934 per employee per year — emphasizing the need for ongoing education about the real damage done by spam.

But when Nucleus asked respondents for an estimate of what they considered to be the per-employee cost of spam to their company, they provided starkly low figures.

Employee estimates ranged from as low as $25 to a high of $1000 and averaged out to $220 per employee, but none approached the actual average of $1934 per employee, indicating the continuing gap between the perceived and actual costs of spam.

So how can an enterprise effectively combat the menace of spam? Kaushik replied, “Spamming has become relatively easy since e-mail protocols are easier to forge, user addresses are simple to harvest, and there is virtually no cost involved with sending out spam. What an enterprise needs is an effective anti-spam solution. Our spam prevention solution is based on a heuristics driven filtering process.”

Heuristic technology is the science of calculating the probability that a particular message is spam, based on the collective occurrence of a set of characteristics of the message.

“This technology adds an additional adaptive layer of detection to the commonly deployed “unsafe list” or signature-based scanning provided by most enterprise anti-spam vendors, including Trend Micro. While signature-based scanning can be updated to block known sources of spam, heuristics-based scanning can be quickly adapted to detect entirely new categories or methods of spamming,” concluded Kaushik.

Tags: Spam