FOSTER CITY, Calif. (Nov. 1, 2019) – When an accounts payable manager at a South Carolina-based company fell for an email scam containing a vendor invoice worth over $1 million, she was promptly fired.

This real-world example is more common than not these days. Employees are scared. Why take the risk, when clicking a button to report a suspected phishing email is a simple way to reduce that fear? Security operations center (SOC) analysts are frustrated, because they spend a whopping 7.11 hours per incident, on average, assessing false positives reported by employees; time that could be better applied to triaging true-phish attacks. SOCs are working around the clock with limited resources, due to the fact that 3 billion phishing emails are sent daily, and all it takes is one vulnerability to get past organizations’ current security measures, causing a catastrophic data breach.

Email security firm Agari does the numbers, in its latest Email Fraud and Identity Deception Trends quarterly report released in full yesterday. The results are telling. SOCs that embrace automation save on average more than $11 million, annually. The problem is most SOCs are still reliant on manual processes.

To calculate a custom ROI for your organization, visit

The question is: Should the employee in finance, payroll, marketing or any department other than Infosec really be an email security and phishing email expert? Most email security experts say, “no.” At the CISO event Trust 2019, this topic – removing human vulnerability in phishing threats – dominated discussions. The elusive variable causing employee angst and missed savings at most SOCs is automation. Many SOCs still manually assess emails flagged as suspicious, making the need for SOCs to find ways to automate and accelerate the processes involved with incident response grow more urgent by the day.

Automation, underpinned with machine learning, drives the efficiencies most SOCs seek. When asked how cutting the time required for phishing incident response through automated processes would impact their overall breach risk, respondents to Agari’s quarterly survey estimated average risk reductions of 59 percent.

In the U.S., that figure rose 2 percent from the previous quarter’s survey, to an average 58 percent reduction in breach risk, while in the U.K., estimates rose 2 percent during the same period, to an average 50 percent reduction.

On a global basis, a 59 percent reduction in breach risk would result in a $708,000 decrease in annual breach risk for the average business.

“SOCs cannot hire analysts fast enough, so much so that the cybersecurity industry has nearly zero unemployment,” said Armen Najarian, Chief Identity Officer, Agari. “The cybersecurity staffing gap is really a chasm. A clear and urgent need exists for SOCs to embrace automation to bring balance to the time and cost being spent on phishing incident response, in this era of low employment but high threat.”

Headcount needs at large enterprises rose 23 percent quarter-over-quarter. Besieged by an incessant stream of phishing incidents, the average number of SOC analyst per organization topped 16.9, during the quarter up from 15.3 previously. Based on the average 35,108 phishing incidents organizations face annually combined with the average time to remediate these incidents, the average SOC needs 136 analyst working 40 hours a week on nothing but incident response to remediate successfully all reported emails, legitimate phishes and false positive emails.

The average number of SOC analysts per organization in the Agari survey is 16.9, which indicates a staffing gap of at least 119 FTEs. “That number is enough to staff an entire red team,” Najarian noted.

“Email fraud is big business for the scammers; email fraud prevention is just as important as door locks, fences and other efforts to protect physical assets. Take a look at the recent study BBB has published on business email compromise found here,” said Lori Wilson, President & CEO of Better Business Bureau serving the San Francisco Bay Area.

About Agari
Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover. Winner of the 2018 Best Email Security Solution by SC Magazine, Agari restores trust to the inbox for government agencies, businesses and consumers worldwide. Learn more at

Media Contact
Jean Creech Avent
Sr. Director, Global Corporate Communications
+1 843-986-8229