The High Cost of Spam

By Allen Bernard

(Back to article)

A recent study by Ferris Research put the worldwide cost of spam in 2005 at $50 billion, with $17 billion of that cost being borne by U.S. businesses. While some in the security industry feel this number may be on the high side, even halving these numbers means that spam is more than just an in-box problem.

"It is most definitely expensive, it definitely causes a problem and would be great if it were addressed in some way," said Richard Stiennon, vice president of threat research at anti-spam, anti-spyware vendor Webroot Software.

Lost productivity; additional hardware; additional software licenses (including anti-spam and Exchange servers) to handle the massive amounts of unsolicited bulk emails that inundate network email gateways; the cost of IT staff needed to provision, maintain and monitor all that extra hardware and software; helpdesk calls from employees who really thought they were "Winners" ... it all adds up to a substantial number.

To come up with its figures, Ferris took into account all of these factors and added a few more it felt were too subjective to put a dollar value on but were important nonetheless:

  • the "opportunity costs" of emails lost or delayed to anti-spam software (an RFP, for example, that could have led to a large order);
  • the risk of employee litigation over pornographic material in their in-boxes;
  • user stress and frustration from having to deal with so much spam; and
  • the reduction in the value of email as a business tool.
  • Based on these factors, said Richi Jennings, an analyst with Ferris, "[o]ne can reasonably argue that our cost estimates err on the conservative side."

    If you add in the cost to network carriers, Ferris' numbers may indeed be even higher.

    According to Stiennon, worms, viruses, spam and other unwanted Internet traffic like phishing attempts and Trojans account for up to 50% of carriers' network traffic. And this is forcing many to lay new lines, which, in turn, costs money, which, in turn, raises customers' prices.

    Then there is the cost of regulatory compliance that requires companies to archive email. The more useless emails that are not blocked by anti-spam technology, the more time-consuming and expensive it is to store them, said Chris Miller, director of product marketing for anti-virus vendor Symantec.

    "I have to archive all communications and any mail I accept, technically, has to be archived," he said, referring to financial regulations such as Sarbanes-Oxley.

    Finally, there are the costs associated with the lost productivity of your IT staff, said Ted Anglace, senior security analyst with anti-virus/anti-spam vendor Sophos. What other projects could they be working on instead of baby-sitting extra Exchange servers (currently the most popular email server for business)? Would you even need as many staff if there were less spam?

    This includes helpdesk calls and clean-up costs from employees who may, however unwittingly, by-pass all of your expensive and thorough precautions by bringing to work some portable storage device and launching a spam-based worm/virus/trojan/spyware into the network.

    "Another way to look at it would be to say, 'Well, what things are not getting done that companies would like to get done?'" said Anglace. "It's this whole ecosystem where you tug on one little node of it and it ripples through the whole (company)."