About PhishingCost.com
An independent reference for the cost of phishing defence and phishing-related breach impact. Operated by Digital Signet, founded by Oliver Wakefield-Smith. Built so the budgeting question for security-awareness training, anti-phishing tooling, and post-phishing breach response can be answered without a vendor pitch.
Why we built it
Phishing remains the single most common breach vector, and the cost surface around it is fragmented across categories: awareness training (KnowBe4, Hoxhunt, Cofense), email security (Microsoft Defender for O365, Proofpoint, Mimecast, Abnormal), URL/attachment sandboxing, post-phishing IR retainers, and the breach cost itself when phishing succeeds. Most published cost guidance is from one of those vendors. This site exists to publish defensible cost bands across the full phishing-defence stack and the breach-side cost of a successful phishing attack.
Who runs this site
Oliver runs Digital Signet, an independent AI-development studio that builds data-led pricing and decision tools using public datasets. After 20 years as a solutions architect and tech lead across media, utilities, satellite, and data, he founded Digital Signet to apply autonomous AI development methodology to real software at scale.
Reach Oliver: [email protected]. Profile: LinkedIn.
About the studio
This site is operated by Digital Signet, an independent AI-development studio founded by Oliver Wakefield-Smith. It is part of a portfolio of consumer cost-reference and calculator sites we run as a live R&D lab for our Signet methodology, an autonomous AI development team that ships real software at scale.
Digital Signet does not sell awareness training, does not sell email security, does not run a phishing-simulation practice, and does not accept paid placements from any vendor in the anti-phishing space. Editorial direction is set by Oliver. Drafts are produced via Digital Signet's autonomous AI development methodology and reviewed against the editorial framework before publication.
For consulting enquiries (fractional CTO, AI product strategy, autonomous-dev-team setup): see digitalsignet.com.
What we hold to
- Source pattern. Built on public reference material across the relevant publisher landscape.
- No paid placements. Digital Signet does not sell awareness training, does not sell email security, does not run a phishing-simulation practice, and does not accept paid placements from any vendor in the anti-phishing space. It is independent of every named third party in the relevant space.
- Math is documented inline. Where the site has a calculator, inputs and assumptions are visible on the calculator page. Nothing is hidden behind opaque scoring.
- Update only when underlying reality changes. Triggers: a new Verizon DBIR edition (annual); a new IBM Cost of a Data Breach Report; a major awareness-training or email-security vendor pricing-model change; a new entrant publishing pricing materially below the existing band.
Contact
For corrections, methodology questions, or scenarios that don't fit cleanly: [email protected].