A report released by the Global Cyber Alliance in late October attempts to quantify the expenses avoided by the companies that they have helped to implement strict DMARC policies (quarantine or reject). The full report (available here) contains a wealth of information and quotes from GCA and industry partners, while the executive summary shares a conservative estimate of US$19 million avoided in 2018 across 1,046 companies, and $302,000 annually for the most heavily targeted 1%. These figures are heavily dependent on a number of statistics and assumptions, which are detailed in the full report.

The overall estimate could be as high as $66MM if the success rate for BEC attacks were 5%, rather than the 1% figure used in the conservative estimate.