Anti-Malvertising ROI: What is the Real Cost of Malvertising?
by Geoff Stupay, on Aug 28, 2020 12:27:45 PM
We could quote you all the big scary statistics, like the fact that by 2022, digital ad fraud is expected to cost companies $44 billion in lost revenues. But it is hard to understand how that really applies to your situation, and in reality that bears little importance in the decisions you need to make about how to protect your website or digital properties.
Instead, we’ll give you a walkthrough of how malvertising tends to affect revenue and create costs, so you can think about how they apply to your organization.
In all honesty, though, trying to determine exactly how much malvertising costs or will cost is like trying to look through a crystal ball into an alternate dimension.
Let’s demonstrate this with an example most of us are familiar with: insurance. We all buy health insurance and car insurance, so we are pretty well versed in how the process works. In order to sell you car insurance, the insurance company must estimate how much you may cost them in the event you have an accident.
The insurance company is trying to come up with a guess about something that hasn’t happened yet, may never happen, or that the driver may be able to prevent from happening at all.
The way insurance companies have solved this is to put together estimates of costs based on probabilities of certain events happening, demographics about you that would indicate your likelihood to be involved in an accident, and the average costs for recovering from those events.
In the end, what it looks like is an educated guess.
Now let’s look at malvertising, which has even more “what if’s” associated with it.
In order to understand how much malvertising may cost you, there are a couple of different factors to consider. There soft costs and hard costs (which are inexorably intertwined). And there multiple different ways to fight malvertising, the differences between them heavily affecting the ultimate costs of malvertising itself.
Let’s begin with looking at more of the “soft” costs, or things that are tough to really measure in dollars.
User Experience & Satisfaction
Usually, the first indicator that you may have a problem with malvertising are user complaints.
As a publisher, this means your audience or readers. Some of our audience will be very vocal when they have negative experiences on your platform. The rest of them will simply leave or choose not to come back.
Some indicators or metrics that you might look at to discover issues with user experience might be session duration or the total number of page views per session.
For instance, one of our clients (prior to using our solution), PubPlus happened to notice that “when our clients’ sites were under attack [by malvertisers], we would see a drop of 50% of our session duration and total page views per session.”
When under a large scale attack it becomes easy to see some of those metrics make big drops or changes. However, you may be slowly declining over the course of smaller, longer-term attacks and may not notice a significant enough change in your metrics to alert you to the issue..
Another aspect that makes it tough to estimate the effects of malvertising on your user satisfaction is the fact that session duration and page views as metrics may also be affected by other things. These are the very same metrics we would look at to determine the quality of the content we are producing or to judge the ease of navigation through our site.
What we do know, is that negative user experiences, especially over the long term will absolutely hit your revenue like a freight train. As a publisher, your lifeblood is your audience. And keeping them happy keeps your revenue flowing.
Highly related to user experience is your brand reputation. Most of the time if there is a hit to your reputation, it is a direct result of problems with your user experience.
You’ll frequently find, especially with large publishers, that frustrated users take to social media to rant about bad experiences.
In today’s world, where much of our life is lived digitally rather than in-person, having negative digital touchpoints is increasingly damaging to your reputation as a brand.
Brand reputation, while hard to tie exact costs is the most important asset you have as a publisher, and not to be taken lightly.
Now let’s shift gears to trying to measure the hard costs of both the revenue losses you may suffer at the hands of malvertising and the direct costs of the efforts required for you to clean up the messes that result.
The way in which malvertising results in revenue loss for you as a publisher is tied in directly to your user experience.
Let’s follow the vicious cycle that happens when your site suffers with from user experience issues related to malvertising:
- Bad actors target your site.
- Users are bombarded with redirect ads and other negative experiences like unauthorized audio ads, clickjacking attacks, video stuffing, and more.
- Users get frustrated and annoyed.
- Users leave your site (remember that stat about how PubPlus would see a 50% drop in key metrics above?)
- With a drop in users on your site, you have a drop in available advertising impressions to sell.
- You make less money.
In addition to the metrics already noted, PubPlus did an extensive analysis to understand the implied revenue loss that malvertising would have on their business if it remained unsolved.
“While malvertising tends to come and go, we conservatively estimate that our monthly revenue loss was estimated at close to 3%,” noted Omry Aviry, Chief Product Officer at PubPlus. “This doesn’t even factor in the other benefits of ensuring our clients’ readers the best reading and user experience the publisher site has to offer.”
Because there are plenty of other inputs into the cycle, and you can only see the true revenue effects of malvertising after it has happened, you can see why identifying an exact cost of malvertising is borderline impossible.
The other half of the equation is how much you have to pay to deal with cleaning up the messes. This cost usually is less of a question of the number of people on your Ad Operations team, but more a question of the value of their time.
During malvertising attacks, the typical response for the entire AdOps team has to become “drop everything and put out the fire.” This means forgoing strategic or very important activities where their time or focus should be.
Often, what teams find when they truly have a solution that blocks malicious ads with little or no intervention, is that they can focus on more strategic activities that add to or improve their revenue.
Again, trying to tie an exact number to that is impossible as it changes in each situation. However, what you can measure are the salaries of the people you are paying simply to put out fires (rather than using their talents on more strategic activities).
The national average salary for an Ad Ops specialist, in particular, is $52,477 per year. In general, the national median salary for an Ad Ops professional is $67,480 with bonus perks adding easily close to another $10,000.
ROI of Anti-Malvertising Solutions
Now is where the fun begins. Let’s switch gears from a cost conversion to an ROI conversation.
Different methods for fighting malvertising result in different outcomes for both malvertisers themselves and you as an organization. You can get really granular as you break down and compare solutions, but for the purposes of ROI discussion we are going to group them into two categories:
- Solutions that just work to get rid of malvertisers.
- Solutions that both get rid of malvertisers and make them pay for their attempted attacks.
In the first category are tools that work to identify and remove malvertisers before they are able to serve an ad to your users.
Ultimately, the most important results in the way these tools work is:
- If a malvertiser is identified, they are blocked from serving an ad and never have to pay you.
- If a malvertiser bypasses your protections (which unfortunately happens more than you’d like with these tools), they get to serve ads to your users. While they pay for the ad in this instance, they achieve positive ROI from their malicious activities.
Solutions in the second category (hint: it’s really just clean.io in this category) work to identify malvertisers after they pay you for their impression, but stop their malicious code before users ever feel the effects.
The most important results in the way this kind of tool works is:
- Malvertisers always pay for their ads: The beauty of this solution is that you aren’t sacrificing any revenue. Bad actors pay for every ad, but users don’t have any of the negative experiences.
- Malvertisers actually stop targeting you: At the end of the day, when bad actors are analyzing performance, they’ll see that they are spending money and getting zero ROI. They’ll simply pick up their bags and go target someone else instead.
How this all factors into the “cost” conversation boils down to this: tools that truly make malvertising unprofitable preserve more of your revenue than tools that just try to block malvertisers, meaning they provide you more ROI in the long run.
How much malvertising may cost you will depend on a huge variety of factors including the size of your audience, the cost of your ad impressions, which ad exchanges you use, and more.
Ultimately if you are dedicated to protecting your audience, providing them a good experience, and maintaining your brand reputation, you will at some point have to consider an anti-malvertising tool.
In most cases, it really is just an ROI and cost conversation. Does the cost of the tool justify the savings in both dollars and effort? And that truly depends on how you evaluate the factors above in your unique situation.
Try clean.io free for 30-days to see why major publishers trust our platform as the simplest, smartest, and most effective anti-malvertising solution available.