How we source phishing-related cost figures
Cost ranges on this site are based on public reference material across the relevant landscape. The publishers below are representative of the kind of source that informs our positioning; they are not an exhaustive, figure-by-figure map of where each number was extracted. A specific figure on a specific page is not necessarily anchored to a single named publisher.
Sources
- Awareness-training vendor public pricing. KnowBe4, Hoxhunt, Cofense, Proofpoint Security Awareness, Mimecast Awareness, Infosec IQ, Living Security and others where pricing is publicly disclosed.
- Email security platform public pricing. Microsoft Defender for Office 365, Proofpoint, Mimecast, Abnormal Security, Avanan (Check Point), IRONSCALES, Tessian and others.
- Public breach-cost research. Verizon DBIR (statistics on phishing as an initial access vector), IBM Cost of a Data Breach Report, Ponemon Cost of Phishing Study, Cisco Talos and Microsoft Digital Defense Report.
- Practitioner survey data. Public surveys from r/cybersecurity, SANS Security Awareness Report, CSO Online and ISMG industry coverage.
What we deliberately do not publish
- Vendor efficacy claims as fact. We describe what each vendor publishes about its own efficacy; we do not endorse those claims.
- Specific customer breach costs. Where a specific phishing breach cost is known to us through public reporting, it is described in band terms only.
- Side-by-side feature grids. We publish positioning notes per vendor but not feature grids. Email-security feature parity changes quarterly.
Update cadence
Site values update only when the underlying reality changes. Triggers:
- New Verizon DBIR edition (annual)
- New IBM Cost of a Data Breach Report
- Major awareness-training or email-security vendor pricing-model change
- New entrant publishing pricing materially below the existing band
Cosmetic date bumps are not made.
Editorial position
This site is operated by Digital Signet, an independent AI-development studio. Digital Signet does not sell awareness training, does not sell email security, does not run a phishing-simulation practice, and does not accept paid placements from any vendor in the anti-phishing space. See /about for the operator and the wider network.
Editorial direction is set by Oliver Wakefield-Smith. Drafts are produced via Digital Signet's autonomous AI development methodology and reviewed against the editorial framework before publication.
Contact
For methodology questions, corrections, or scenarios that don't fit cleanly: [email protected].