In an earlier article, I mentioned that enterprise hates illicit robocalls because receiving illicit robocalls can consume significant time and resources for a company’s employees. I will dwell on this point a little further in this article.
The Direct Cost of Incoming Robocalls
The direct cost of illicit incoming robocalls for an enterprise can quite easily be calculated:
Assume that 10% of calls are robocalls since this is in line with the estimates mentioned in my earlier article
Since most organizations use IVRs, let’s assume that the robocalls reach the IVR systems. We carried out some field research on IVR systems – calling up companies and checking how long the IVR stayed connected without input. On average, most IVRs stay online for 3 minutes for no-input calls – because the IVR script repeats itself twice before disconnecting when no input (or wrong input) is received.
Now, the average service provider charges roughly 7/10th of a cent per min. Add this to the operational cost of a simple hosted IVR, which also costs roughly 7/10th of a cent per minute, so the total cost for a single silent robocall received on an IVR can be 1.4 cents per minute. Still, since the IVR will stay online for 3 minutes – the cost comes to 4.2 cents per call.
Be aware that additional capabilities such as complex voice recognition and multi-language support can multiply the costs.
If you have 5 million calls incoming per month, that means you also have 500,000 robocalls incoming per month, so you already spend USD 21,000 per month on robocalls that waste time, resources, attention…
The Indirect Cost of Incoming Robocalls
The cost of broken attention
According to a joint paper of the University of California at Irvine and the University of Berlin, interruptions at work are a lot more expensive than we’d imagine – every person interrupted takes as much as 23 minutes to get back to the same state of flow. Imagine an employee interrupted by a spam/scam call – given the average salary of USD 27.57 per hour – we can assume that the cost of each successful interruption is USD 10.56. You could say that even this is an undercalculation because the salary is just one part of the employee’s cost to the company. Which in turn is only a fraction of the value added by the employee to the company.
Considering the value added per employee in the USA is USD 114,920, this comes to USD 22 – this is the loss of value to the company for each robocall interruption.
The Security Risk
As with regular folks, employees too may end up receiving robocalls from the “Internal Revenue Service, or “Social Security Administration”, talking about issues with their paperwork, encouraging them to call and share their personal details, which can then be used for fraud. Another technique is to pretend to be from the car service center or the computer and technical support department of the company, ask that they call up a number and share details/information. These kinds of robocalls not only pose a risk to the individual but also to the company they work for – smart scamsters will use a tricked employee to gather information about the company and its practices, which can then be used as a jumping-off point for breaches and data stealing. Scarier are cases where employees, believing the ‘support agent’ of the technical support department, give the agent remote access to their laptops, or download the ‘anti-malware utility’ from the link shared by the agent, triggering off ransomware attacks.
Unlike popular assumptions, robocalls are not just a customer problem – enterprises are impacted by them too. The financial costs are higher than what one would expect, and the non-financial impacts can get pretty high too, especially with ransomware getting added to the mix.
In the next article, we will talk about what actions are being planned for and taken by the caretakers of the telephony ecosystem (the FTC and the major service providers) and what you as an enterprise can do to protect yourself, your employees, and your customers from the robocall pandemic.
Have more questions? Send me an email at securityeducation@assertion.cloud
About Assertion:
Assertion® is a leading communication security solutions provider that empowers companies to Collaborate Confidently. Our ultimate goal is to secure every conversation through our advanced AI-enabled collaboration security solutions. We also provide holistic infrastructure security for over 38 collaboration products, including full-stack collaboration security solutions for the UC and CC stack.