CASE FILE // PC-2026-04
Status: Open


Filing 02.02.00 | Field 27 APR 2026 | Classification Public | Status Open

Spear phishing: per-incident cost, attacker economics, the AI inversion

Per successful incident: $1.76M (Verizon DBIR 2025). AI-generated lures now achieve 54% click-through against a 12% human-written baseline (Hoxhunt 2026). The economics that protected defenders for two decades inverted in 2024.

Exhibit A

The two numbers that frame the page

DBIR 2025

Spear phishing is the targeted, researched form of phishing in which the attacker addresses a specific individual using personalised content drawn from public sources. The category is conceptually older than bulk phishing (it predates the spam-filter era), but the cost profile changed materially in 2024 with the arrival of usable large language model output for lure generation. Two numbers anchor the 2026 picture: $1.76M per successful incident on the defender side, and a 54 percent click-through rate on AI-generated lures against a 12 percent baseline on human-written ones.

The defender-cost figure is from Verizon's 2025 Data Breach Investigations Report, summing the median IR engagement, credential-reset cycle, downstream pivot containment, and data-loss notification spend for breaches where spear phishing was confirmed as the initial vector. The click-through differential is from Hoxhunt's 2026 State of the Phish, which ran a controlled head-to-head test between human-written lures from internal red teams and LLM-generated lures from a current open-weight model, holding target population and delivery channel constant. The Hoxhunt result is now broadly consistent with independent measurements from NCSC UK and CISA field assessments.[Verizon DBIR 2025 + Hoxhunt 2026]

Exhibit B

The attacker labour-cost inversion of 2024


For two decades, the defender relied on an implicit economic moat: spear phishing was expensive to produce. A credible lure required 30 to 90 minutes of human research time per target, building a believable pretext from LinkedIn profile data, public press releases, recent conference attendance, and any leaked email correspondence available on the underground market. At attacker labour rates of approximately $50 per hour in mature criminal markets, the cost-per-lure ran $25 to $75 with a baseline conversion rate of 8 to 14 percent. That implied a unit economics floor of approximately $180 to $500 per successful compromise, which was high enough that attackers reserved spear phishing for high-value targets only.

The 2024 LLM wave broke the moat from two directions. First, the marginal cost of generating a personalised lure dropped to under one cent of model-inference compute per lure. Second, the conversion rate climbed from the 8 to 14 percent baseline to over 50 percent in controlled tests because LLM-generated text carries none of the grammatical, syntactic, or register-shift tells that human-written non-native lures used to signal. The unit economics floor for spear phishing collapsed from approximately $300 per compromise to under one cent, a five-order-of-magnitude shift in attacker cost-per-acquisition. The implication for defenders is that the historic mental model of spear phishing as a low-volume, high-value attack category no longer holds. Spear-grade personalisation is now bulk-grade in unit economics.

The defender-side response is not to assume that filtering will catch the new generation of lures. It will not, because the lures are grammatically perfect and semantically coherent with the recipient's actual work context. The response is to invest in the controls that work regardless of lure quality: phishing-resistant FIDO2 MFA on every account, behavioural email security that flags anomalous-relationship sender patterns, and a hard rule that bulk credential-sensitive actions (password reset, MFA reset, payment redirection) require an out-of-band confirmation step. None of those controls depend on detecting that a lure is fake.[Hoxhunt 2026 + Verizon DBIR 2025 attacker economics annex]

Exhibit C

Per-incident cost build-up: where the $1.76M lands


Cost line                           Dollar figure   Share of $1.76M   Variability driver
Incident response engagement        $420K           24%               Retainer rate, pivot complexity
Credential-reset cycle (org-wide)   $180K           10%               Headcount, MFA enrolment friction
Downstream pivot containment        $350K           20%               Cloud-data-exfil scope, blast radius
Data-loss notification spend        $295K           17%               Record count, state mix
Forensic investigation              $220K           13%               Chain-of-custody requirements
Customer churn (3-year)             $165K           9%                Sector, brand exposure
Legal + class-action exposure       $130K           7%                Record sensitivity, jurisdiction

Sub-line proportions extracted from the Verizon DBIR 2025 spear-phish initial-vector cohort. The downstream pivot containment line is structurally larger than for bulk phishing because the target was selected for privileged access; the access was therefore valuable to the attacker on day one rather than something they had to escalate to.[Verizon DBIR 2025 spear cohort]

Exhibit D

Per-target-profile cost: which roles are most expensive when compromised


Spear phishing cost varies more by the target's role than by the sophistication of the attack pattern. A successfully phished entry-level analyst costs the organisation in the high five figures of credential cleanup; a successfully phished platform-engineering tech lead with cloud-admin permissions costs the organisation in the high seven figures of pivot containment. The role taxonomy below uses the IBM 2025 per-role impact data cross-referenced with the SANS 2024 privileged-access study.

Cloud / platform engineer: $3.1M

Holds AWS / Azure / GCP root or near-root permissions. A single token theft enables full-account exfil. The Snowflake-customer wave of 2024 is the canonical example: attackers used compromised platform-engineering credentials to pivot into customer-tenancy data.

Sales engineer / customer-data: $2.4M

Holds SFDC export permissions on the full customer record. A spear-phish that yields the SFDC session cookie produces a complete customer-data extract that triggers state-by-state notification across the entire book.

Finance / treasury: $2.2M

Holds outbound-wire-approval authority. Pivots to BEC wire-fraud loss. See /by-attack/bec for the wire-loss anatomy.

HR / payroll: $1.4M

Holds W-2 / PII exposure on the whole employee population. A successful HR-mailbox spear-phish has triggered some of the largest single-incident PII notification events on record.

Engineering individual contributor: $1.1M

Holds source-code repository access. The pivot path is to GitHub or GitLab token theft, source-code exfil, and downstream secrets discovery in the codebase itself. Source-code disclosure is increasingly modelled as a 7-figure event.

C-suite executive: $2.9M

The attacker's pivot is typically to BEC (see /by-attack/bec) or to material-non-public-information leakage with SEC disclosure consequences. The dollar number is high not because the C-suite has unique technical access but because the legal-fines line dominates.

Entry-level individual contributor: $95K

Minimal direct pivot path. Cost is dominated by credential reset and the cost of investigating the lateral-movement attempts the attacker makes once they realise the target lacks privileged access.

Exhibit E

OSINT source map: where attackers harvest the personalisation inputs


A working knowledge of where the personalisation inputs come from helps defenders prioritise the cheap controls. The single most-used OSINT source for spear-phish targeting is LinkedIn, which provides role, reporting line, recent posts, conference attendance, and the entire colleague graph for free with a $40 per month Sales Navigator subscription. Second is the corporate website plus SEC filings, which provide executive bios, financial-disclosure timing, and material-event references that anchor lure credibility. Third is GitHub commit history, which exposes engineering org structure, code-review relationships, and (frequently) accidentally-committed secrets that can be used to pre-validate the lure.

The defensive implication is that the attacker's OSINT cost is dominated by manual review time, and that LLM-assisted OSINT collapses the manual review cost to near zero. Two years ago an attacker could afford to spear-phish maybe 20 targets per week as a solo operator. Today the same operator with a usable LLM in their workflow can spear-phish 2,000 targets per week. The volume increase changes the defender threat model from selective-targeting to universal-personalisation. Defenders should now assume that every employee with a LinkedIn profile is in scope for a personalised lure, not just executives.

Public defences against OSINT-harvested spear-phish remain weak. There is no realistic way to remove staff from LinkedIn, and corporate disclosure requirements force most of the underlying inputs into public view anyway. The pragmatic move is to assume the personalisation surface is permanent and invest defensive budget downstream in the controls that work after the lure lands: phishing-resistant MFA, behavioural email security, and a privileged-access architecture that minimises blast radius from any single compromised account.[NCSC UK OSINT assessment 2024 + Verizon DBIR 2025]

Exhibit F

Control-cost ranking against spear-phish loss


The control ranking for spear phishing is materially different from the ranking for BEC. The BEC ranking is dominated by procedural finance controls; the spear ranking is dominated by identity and architectural controls because the pivot path runs through compromised credentials rather than wire fraud.

#1 FIDO2 / hardware-key MFA across all accounts
Impact: ~93% of token-theft pivot loss
Cost: ~$50 per user one-time

Phishing-resistant MFA is the only control that breaks the AitM session-cookie attack chain (see /by-attack/aitm). The single highest-leverage spear-phish defence.

#2 Privileged-access blast-radius reduction
Impact: ~60% of post-compromise pivot cost
Cost: 6-9 months of platform-engineering work

Architectural work: scope cloud-admin permissions, eliminate standing access, require just-in-time elevation. Reduces the downstream pivot containment line of the $1.76M event.

#3 Behavioural email security
Impact: ~50% of detected spear attempts
Cost: $42-$96 per mailbox per year

Catches lures that carry none of the traditional content tells by keying on relationship and behaviour signals instead (compromised-relationship sender, atypical writing style for the sender, novel link domain). See /email-security/abnormal-security-cost.

#4 Phishing-simulation training program
Impact: ~25% of bulk click rate, ~15% of AI-grade click rate
Cost: $20-$90 per user per year

Necessary but oversold. Materially less effective against AI-grade lures than against bulk lures. See /training/knowbe4-cost and /training/hoxhunt-cost.

#5 DLP on engineering tooling
Impact: ~40% of source-code-exfil cost
Cost: $30-$80 per engineer per month

Detects bulk source-code or customer-data exfil after compromise. Late in the kill chain but valuable for the high-cost engineer-IC and sales-engineer target profiles.

#6 Session-cookie binding to device certificate
Impact: ~70% of token-theft pivot
Cost: platform-dependent (months of work)

The cleanest architectural defence: bind session cookies to the issuing device's hardware-attested certificate so a stolen cookie cannot be replayed elsewhere. Available in Microsoft 365 (token-protection conditional access) and Google Workspace (DBSC). Underused.
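The relationship-anomaly scoring that Exhibit B and control #3 above describe, as an added example that is not the page's own code or any vendor's product: it builds a "who normally writes to whom" baseline from a window of mail-log tuples, then scores new messages on first contact, lookalike sender domain, never-seen link domain and Reply-To mismatch, none of which depend on the lure's wording. Every address, domain, log line, weight and the flag threshold is constructed for the example; a real deployment would read the baseline from the mail gateway's message-tracking logs.

```python
"""Relationship-baseline scoring for inbound mail (added example, constructed data)."""
from __future__ import annotations

# Constructed baseline window: (sender, recipient, reply_to, link_domains).
BASELINE_LOG = [
    ("cfo@acme-corp.example", "ap@acme-corp.example", "cfo@acme-corp.example", ["intranet.acme-corp.example"]),
    ("cfo@acme-corp.example", "ap@acme-corp.example", "cfo@acme-corp.example", []),
    ("vendor@supplier.example", "ap@acme-corp.example", "vendor@supplier.example", ["portal.supplier.example"]),
    ("lead@acme-corp.example", "dev@acme-corp.example", "lead@acme-corp.example", ["github.com"]),
]

# Constructed messages to score once the baseline exists.
NEW_MAIL = [
    # Established pair, known link domain: expected traffic.
    ("cfo@acme-corp.example", "ap@acme-corp.example", "cfo@acme-corp.example", ["intranet.acme-corp.example"]),
    # First contact from a lookalike of the CFO's domain plus a never-seen link domain.
    ("cfo@acme-c0rp.example", "ap@acme-corp.example", "cfo@acme-c0rp.example", ["docs-share.example"]),
    # Known vendor pair, but Reply-To has been pointed at a free-mail domain.
    ("vendor@supplier.example", "ap@acme-corp.example", "billing@freemail.example", []),
]

# Constructed weights; tune against your own false-positive budget.
WEIGHTS = {"first_contact": 2, "lookalike_domain": 3, "novel_link_domain": 1, "reply_to_mismatch": 3}
FLAG_THRESHOLD = 3


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a distance of 1-2 from a known domain is the lookalike signal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


class RelationshipBaseline:
    """Sender/recipient pairs, sender domains and link domains seen in the window."""

    def __init__(self) -> None:
        self.pairs: set[tuple[str, str]] = set()
        self.sender_domains: set[str] = set()
        self.link_domains: set[str] = set()

    @classmethod
    def from_log(cls, log) -> RelationshipBaseline:
        base = cls()
        for sender, recipient, _reply_to, links in log:
            base.pairs.add((sender.lower(), recipient.lower()))
            base.sender_domains.add(domain_of(sender))
            base.link_domains.update(d.lower() for d in links)
        return base

    def is_lookalike(self, domain: str) -> bool:
        """A domain we have never seen that sits within two edits of one we have."""
        if domain in self.sender_domains:
            return False
        return any(0 < levenshtein(domain, known) <= 2 for known in self.sender_domains)

    def score(self, message) -> tuple[int, list[str]]:
        """Return (score, reasons) for one message; reasons name the signals that fired."""
        sender, recipient, reply_to, links = message
        reasons = []
        if (sender.lower(), recipient.lower()) not in self.pairs:
            reasons.append("first_contact")
        if self.is_lookalike(domain_of(sender)):
            reasons.append("lookalike_domain")
        if any(d.lower() not in self.link_domains for d in links):
            reasons.append("novel_link_domain")
        if domain_of(reply_to) != domain_of(sender):
            reasons.append("reply_to_mismatch")
        return sum(WEIGHTS[r] for r in reasons), reasons


def triage(baseline: RelationshipBaseline, messages) -> list[dict]:
    """Score every message and mark the ones at or above the flag threshold."""
    out = []
    for msg in messages:
        score, reasons = baseline.score(msg)
        out.append({"sender": msg[0], "score": score, "reasons": reasons, "flagged": score >= FLAG_THRESHOLD})
    return out


if __name__ == "__main__":
    for row in triage(RelationshipBaseline.from_log(BASELINE_LOG), NEW_MAIL):
        print(row)
```

The point of the design is that the second and third messages are flagged on who is writing to whom and where replies would go, so an LLM-polished body text changes nothing about the verdict; the Reply-To signal alone clears the threshold because a redirected reply path is the setup for the BEC pivot the finance and C-suite rows in Exhibit D describe.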
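The device-binding control in #6, as an added example of the mechanism rather than Microsoft's or Google's implementation: the server only honours a session cookie when the request also carries a proof computed with a key that never leaves the enrolling device, so a cookie lifted by an info-stealer or an AitM proxy cannot be replayed from another machine. One labelled simplification: the device key here is a symmetric HMAC secret shared at enrolment, whereas production schemes hold an asymmetric key in hardware and register only its public half. User, server and nonce lifetime are constructed.

```python
"""Device-bound session tokens: proof-of-possession on every request (added example)."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time


class Device:
    """Holds the per-device key; stands in for a TPM / secure-enclave private key."""

    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)

    def prove(self, session_id: str, nonce: str) -> str:
        return hmac.new(self.key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


class Server:
    """Issues sessions bound to a device key and demands a fresh proof per request."""

    NONCE_TTL = 60  # seconds a challenge stays valid (constructed value)

    def __init__(self) -> None:
        self.sessions: dict[str, dict] = {}

    def enroll(self, user: str, device_key: bytes) -> str:
        """Login completed (e.g. via FIDO2); bind the new session to the device key."""
        session_id = secrets.token_urlsafe(24)
        self.sessions[session_id] = {"user": user, "device_key": device_key, "nonces": {}}
        return session_id  # this is the cookie value the browser stores

    def challenge(self, session_id: str) -> str:
        """Hand out a single-use nonce the device must sign for the next request."""
        nonce = secrets.token_hex(16)
        self.sessions[session_id]["nonces"][nonce] = time.monotonic() + self.NONCE_TTL
        return nonce

    def verify(self, session_id: str, nonce: str, proof: str) -> bool:
        """Accept only cookie + unexpired, unused nonce + proof under the bound device key."""
        sess = self.sessions.get(session_id)
        if sess is None:
            return False
        expires = sess["nonces"].pop(nonce, None)  # single use: consumed even on failure
        if expires is None or time.monotonic() > expires:
            return False
        expected = hmac.new(sess["device_key"], f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, proof)


def legitimate_request(server: Server, device: Device, cookie: str) -> bool:
    nonce = server.challenge(cookie)
    return server.verify(cookie, nonce, device.prove(cookie, nonce))


def stolen_cookie_attempts(server: Server, cookie: str, captured: tuple[str, str]) -> dict:
    """What a holder of the cookie (and one captured nonce/proof pair) can do without the key."""
    old_nonce, old_proof = captured
    results = {}
    # Replay the captured proof: the nonce was consumed when the victim used it.
    results["replay_old_proof"] = server.verify(cookie, old_nonce, old_proof)
    # Fresh challenge, proof computed under a key the cookie holder controls.
    nonce = server.challenge(cookie)
    results["forge_with_own_key"] = server.verify(cookie, nonce, Device().prove(cookie, nonce))
    # Fresh challenge, cookie alone with no proof at all.
    nonce = server.challenge(cookie)
    results["cookie_only"] = server.verify(cookie, nonce, "")
    return results


def demo() -> dict:
    """Victim enrols and makes two requests; then the cookie is exercised without the device key."""
    server, device = Server(), Device()
    cookie = server.enroll("alice@acme-corp.example", device.key)
    nonce = server.challenge(cookie)
    proof = device.prove(cookie, nonce)
    outcome = {"victim_first_request": server.verify(cookie, nonce, proof)}
    outcome["victim_second_request"] = legitimate_request(server, device, cookie)
    outcome.update(stolen_cookie_attempts(server, cookie, (nonce, proof)))
    return outcome


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The two properties that matter are visible in `verify`: the nonce is popped before the check, so a captured proof is dead after one use, and the proof is recomputed under the key registered at enrolment, so possession of the cookie string alone buys nothing. That is why control #6 removes most of the token-theft pivot even when the lure itself was never detected.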

Exhibit G

The reference incidents


Three reference incidents anchor the modern spear-phish cost discussion. Each illustrates a different attacker pivot path and a different defender failure mode.

First, the Snowflake-customer wave of 2024. Attackers compromised platform-engineering credentials (typically through info-stealer malware delivered via a spear-phish or a malvertising channel) and used those credentials to log into customer Snowflake tenants that lacked enforced MFA. AT&T, Ticketmaster, Santander, and approximately 160 other Snowflake customers were affected. The pivot path was textbook: spear-phish a target with cloud-admin permissions, exfil credentials, log in directly to the cloud control plane. Defender failure mode: MFA was not enforced on the cloud tenant, even though the upstream identity provider had it.

Second, the Microsoft Storm-0558 incident of 2023. Chinese state-actor adversaries used a stolen Microsoft consumer signing key to forge tokens against multiple US government Exchange Online tenants. The initial access vector was an earlier compromise that yielded the signing key; the spear-phish element was the targeted exfil of specific government inbox content via the forged tokens. The incident drove the CISA + FBI joint advisory on Microsoft 365 token-handling and the Microsoft Secure Future Initiative.

Third, the Okta support-portal compromise of 2023. Attackers used a spear-phish against an Okta support engineer to gain access to a session cookie that had visibility into customer-support cases, including HAR files containing valid session tokens for downstream customers. The incident cascaded through customers including 1Password, BeyondTrust, and Cloudflare. Defender failure mode: the support engineer's session cookie was not bound to their device, and the customer HAR files contained tokens that should have been stripped before upload.[Snowflake-customer wave + CISA/FBI Storm-0558 advisory + Okta Oct 2023 incident report]
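The HAR-file failure in the Okta incident above, as an added defensive example that is not Okta's or any customer's tooling: a sanitiser that walks a HAR capture (the JSON format browser devtools export) and redacts the fields that carry session material before the file is attached to a support case. It redacts Cookie, Set-Cookie and Authorization headers, every value in the request and response `cookies` arrays, and token-bearing query parameters both in `queryString` and in the URL itself. The sample HAR and the parameter list are constructed; extend the lists with your own SSO's parameter names.

```python
"""HAR sanitiser: strip session material before a capture leaves the device (added example)."""
from __future__ import annotations

import copy
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "[REDACTED]"
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
SENSITIVE_PARAMS = {"sid", "session", "token", "access_token", "id_token", "refresh_token", "code"}

# Constructed HAR: a request cookie, a Set-Cookie and a session id in the query string.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "GET",
                    "url": "https://sso.acme-corp.example/app?sid=abc123&view=home",
                    "headers": [
                        {"name": "Cookie", "value": "session=SECRET1"},
                        {"name": "Accept", "value": "*/*"},
                    ],
                    "cookies": [{"name": "session", "value": "SECRET1"}],
                    "queryString": [{"name": "sid", "value": "abc123"}, {"name": "view", "value": "home"}],
                },
                "response": {
                    "status": 200,
                    "headers": [{"name": "Set-Cookie", "value": "session=SECRET2; HttpOnly; Secure"}],
                    "cookies": [{"name": "session", "value": "SECRET2"}],
                    "content": {"mimeType": "text/html", "text": "<html>ok</html>"},
                },
            }
        ],
    }
}


def _redact_pairs(items, names) -> int:
    """Redact the value of each {name, value} pair whose name is in `names` (all if None)."""
    count = 0
    for item in items or []:
        if (names is None or item.get("name", "").lower() in names) and item.get("value") != REDACTED:
            item["value"] = REDACTED
            count += 1
    return count


def _redact_url(url: str) -> str:
    """Rewrite the query string so sensitive parameter values disappear from the URL too."""
    parts = urlsplit(url)
    query = [(k, REDACTED if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def sanitize_har(har: dict) -> tuple[dict, int]:
    """Return a sanitised deep copy of `har` and the number of values redacted."""
    clean = copy.deepcopy(har)
    count = 0
    for entry in clean.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            part = entry.get(side, {})
            count += _redact_pairs(part.get("headers"), SENSITIVE_HEADERS)
            count += _redact_pairs(part.get("cookies"), None)  # every cookie value is secret
            count += _redact_pairs(part.get("queryString"), SENSITIVE_PARAMS)
        req = entry.get("request", {})
        if "url" in req:
            new_url = _redact_url(req["url"])
            if new_url != req["url"]:
                req["url"] = new_url
                count += 1
    return clean, count


def leaks(har: dict, needles) -> list[str]:
    """Which of the given secret strings still appear anywhere in the serialised HAR."""
    blob = json.dumps(har)
    return [n for n in needles if n in blob]


if __name__ == "__main__":
    clean, n = sanitize_har(SAMPLE_HAR)
    print(f"redacted {n} values; remaining leaks: {leaks(clean, ['SECRET1', 'SECRET2', 'abc123'])}")
    print(json.dumps(clean, indent=2))
```

The `leaks` check is the part worth keeping in a support-upload pipeline: run it against the list of cookie names and token parameters your SSO actually issues, and refuse the upload when it returns anything. This example does not inspect response bodies, so a capture of a token endpoint whose JSON body carries an access token still needs body redaction before it leaves the device.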

Exhibit H

Frequently filed questions

ON RECORD

What does a typical spear-phish incident cost?

$1.76M average per Verizon DBIR 2025. Range runs from $95K (entry-level IC compromise) to $3.1M (cloud platform engineer compromise) depending on the target role.

Is AI making spear phishing worse?

Yes. Hoxhunt 2026 measured 54% click-through on AI-generated lures vs 12% on human-written ones. Marginal lure cost dropped from ~$50 to under one cent. Defenders should assume universal personalisation.

Will training stop AI-spear-phish?

Only partially. Training reduces bulk click rates by 30-50% over 18-24 months. The reduction against AI-grade lures is roughly half that. Training is necessary but insufficient.

What is the highest-leverage defence?

FIDO2 / hardware-key MFA. It breaks the token-theft pivot chain regardless of lure quality. Cost is approximately $50 per user one-time.

Which target role is most expensive when compromised?

Cloud / platform engineer (~$3.1M average), then C-suite (~$2.9M, dominated by legal fines), then sales-engineer with customer-data export rights (~$2.4M).

Does cyber insurance cover spear-phish loss?

Yes, under the broader cyber-event coverage. Sub-limits are less aggressive than for BEC because the loss is operational rather than direct wire transfer. Most policies pay the IR engagement, notification, and forensic spend within the aggregate cyber limit.

How does spear-phish compare to bulk phishing on cost?

Bulk phishing is roughly $380K per successful incident (APWG 2025) versus $1.76M for spear (Verizon DBIR 2025). Spear is 4.6x more expensive per incident because the target was pre-selected for privileged access.

Updated 2026-04-27