
The true cost of a single bad hire from fraud.

The headline number is $15,000, but the full cost of a bad hire from interview or reference fraud runs far higher. Here is the breakdown most CFOs do not see.


Poya Farighi

Founder, Veref

March 3, 2026 · 8 min read

The widely cited $15,000 figure for a bad hire is an undercount. It captures recruiting spend and the first few weeks of lost productivity. It does not capture the operational damage, the security exposure, or the reputational cost of a hire that came through a fraudulent interview or reference check. For most roles, the full cost runs three to ten times the headline number. For security-sensitive roles, it can run a hundred times higher.

This article builds the full cost picture, explains where each component comes from, and shows the break-even math on verification spend. The goal is to give anyone making the budget case (a head of Talent, a CFO, a CISO) a defensible set of numbers to work with.

What is the headline number, and where does it come from?

The U.S. Department of Labor cites roughly $15,000 as the average cost of a bad hire. The figure comes from their cost-of-turnover methodology, updated in 2023, and captures three main components:

Recruiting and onboarding sunk cost. The recruiter hours spent sourcing, screening, interviewing, and coordinating. The internal team hours spent interviewing. The external spend on sourcing tools, assessment platforms, and background checks. For a mid-level professional role, this typically runs $5,000 to $8,000.

First-weeks salary and benefits. The compensation paid before the mismatch is identified. For a six-week tenure on a $100,000 annual salary, that is roughly $11,500 in direct comp plus $2,500 in benefits and employer taxes.

Replacement cost at the end. The sunk cost of running the search again, which often gets rolled into the original number as half the original recruiting spend.

Add these together and you get something in the $12,000 to $18,000 range for a typical mid-level role. The DOL figure sits in the middle of that range, and it is roughly what SHRM's benchmarking data shows.

The number is directionally correct. It is also the tip of the iceberg.

What does the headline number miss?

Three categories of cost the DOL methodology does not capture, in order of size.

Operational cost

Operational cost is the lost productivity, team disruption, and opportunity cost associated with a bad hire in a real job. It is by far the largest component for most roles, and it is the hardest to measure precisely, which is why it gets omitted from the headline.

In engineering, a bad hire on a six-month tenure typically introduces three to six weeks of rework on whatever code or infrastructure they touched. A senior engineer making $180,000 whose work has to be reversed imposes roughly $20,000 in direct cost (their salary for six weeks), plus $40,000 to $60,000 in the time of the colleagues who rewrite or review the work, plus the opportunity cost of whatever those colleagues were not shipping.

In sales, a bad hire is deals that did not close. A mid-market AE making $120,000 base plus commission who fails a four-month ramp typically results in $200,000 to $400,000 in missed pipeline, because the territory sat partially covered during their tenure and the replacement takes three more months to get up to speed.

In operations and finance, a bad hire is process breakage. A controller who misunderstood the month-end close for a quarter can produce restatement work, audit cost, and board-level anxiety that runs six figures before you add the direct comp.

For most professional roles, operational cost runs two to five times the headline direct cost.

Security exposure

Security exposure is a different kind of cost. It is a tail risk, not a steady state. Most fraudulent hires do not result in a breach. The ones that do are catastrophic.

The median cost of a data breach in 2024, per IBM's Cost of a Data Breach Report, was $4.88 million. The median cost of a breach where the entry vector was an authorised insider was materially higher. A fraudulent hire with legitimate credentials is, by definition, an insider with full authorisation. The blast radius is whatever systems their role permits them to touch: customer data, source code, payment systems, infrastructure credentials, privileged vendor access.

In 2024, the U.S. Department of Justice indicted multiple schemes in which North Korean IT workers had been placed at hundreds of Fortune 500 companies through fraudulent identity and reference checks. Estimated recoverable damages ran into the hundreds of millions. Several of those companies filed 10-K disclosures describing the incidents as material events.

Security exposure as a cost has a thin-tailed distribution in expectation terms but a fat tail in realisation terms. For security-sensitive roles (engineering, finance, executive, vendor management, privileged access), the expected value of a fraudulent hire's security cost can exceed every other cost category combined.

Reputational cost

Reputational cost is what happens when a fraudulent hire becomes public. A leaked technical interview recording. A customer data breach traced to an employee who turns out not to exist. An investor question on the next fundraising call about hiring controls.

Reputational cost shows up in three places. Inbound recruiting slows because top candidates read the press coverage and decline to apply. Sales cycles lengthen because customers ask for additional assurance on hiring controls. Founder and executive credibility takes a hit that measurably affects fundraising terms, M&A conversations, and employee retention.

None of these is easy to put a dollar value on. All three are real. The way CFOs typically handle it is to model it as a one-off multiplier on the direct cost for the subset of incidents that go public, which is usually assumed to be 10 to 20%.

How does verification compare as a cost?

Veref pricing is per-action with automatic volume discounts: Verified Interviews from $7.50, Identity-Verified References from $9, and Candidate ID Checks from $7, dropping to $3-$4 per action at scale. For a talent team running 200 candidates a quarter through the full verification funnel (interview, references, and ID check), the total spend runs in the low thousands per quarter at entry tier, and materially less per unit as volume climbs.

Against that number, compare the expected cost of fraudulent hires without verification.

If the baseline fraud rate is 1% of hires (the lower end of the plausible range for a mid-size technology company in 2026), and the average full cost of a fraudulent hire is $50,000 (direct plus operational, excluding the tail of security and reputational cost), then the expected cost of fraud per 200-candidate quarter is:

200 candidates × 0.01 fraud rate × $50,000 per incident = $100,000 per quarter

Verification spend of $4,000 to $10,000 against $100,000 of expected fraud cost is a 10:1 to 25:1 return. That is before any consideration of the tail risk on security and reputational costs, which is where the CFO's attention usually lives.

The math is robust to the inputs. Even at 0.25% fraud rate and $20,000 average cost, the verification spend still returns 2:1 to 5:1. At higher fraud rates in higher-stakes industries, the return is an order of magnitude higher.

Where should the budget actually come from?

Talent Acquisition owns the line on the P&L. The benefit accrues to Engineering, Sales, Security, and the broader business. That creates a classic budget misalignment where the team paying does not capture most of the upside.

The pattern we see at high-performing companies is to split the cost across business units on a usage basis. Engineering's hires are funded by Engineering. Sales hires are funded by Sales. Security roles get the Security budget to pay for their own verification because the security upside to them is the largest single component of the return.

This structure is not strictly necessary. Most companies just run verification as a TA line item and leave it at that. But for finance-savvy CFOs, the cross-functional allocation is a cleaner model and produces faster budget approval because no single department is carrying the full cost.

What should a CFO actually know?

Three things, in order of importance.

The risk-transfer framing matters more than the direct cost math. A CFO who is told "we are spending $40,000 a year on verification" responds differently than one who is told "we are transferring a low-frequency, high-severity risk off our balance sheet for $40,000 a year." The second framing is the accurate one. Use it.

The tail risk is where the return actually lives. Most of the expected value of verification is not in catching the 1% of candidates who are fraudulent. It is in avoiding the one-in-a-thousand case where a fraudulent hire becomes a breach that produces material disclosure or a regulatory finding. That is where the $4.88 million IBM number becomes relevant.

Verification is a structural fix, not an ongoing cost. Unlike many talent spend lines, verification spend is consumption-based. You pay per candidate, the infrastructure is shared across the network, and the marginal cost per additional candidate is close to zero after the first. This is not a renewing SaaS subscription for a tool that gets less valuable every year. It is insurance that gets more valuable as fraud rates continue to rise.

If you want the full budget model with your hiring volume, your average role cost, and your industry-specific fraud rate, book a 25-minute call and we will send it ahead of the meeting.

Sources and further reading

  1. Cost of a bad hire · U.S. Department of Labor, 2023
  2. Insider threat economics · Ponemon Institute, 2023
  3. Hiring fraud incident reports · Gartner, 2024
  4. SHRM Human Capital Benchmarking Report · SHRM, 2024
  5. Cost of a Data Breach Report · IBM Security, 2024

Frequently asked questions

Is $15,000 a US figure or a global figure?

The $15,000 number is a US-centric average. In higher-cost markets (London, New York, San Francisco) it is materially higher. In lower-cost markets it is lower, but the relative cost of a bad hire as a multiple of salary is similar.

How should I present this to my CFO?

Frame it as insurance against an operational risk. The cost of one verified candidate is a small fraction of the expected cost of one fraudulent hire. The math is identical to any other risk-transfer decision.

Does this apply to contractors and RPO placements too?

Yes, and often more so. Contractors often have broader access with less onboarding rigor, which magnifies the downstream cost of a fraudulent hire.

What is the expected rate of fraudulent hires without verification?

At current attack rates, 1 to 3% of remote hires in technology and 3 to 8% in BPO are fraudulent by some measure. The rate is higher where the stakes are higher and lower where the role is less attractive to attackers.

Can we self-insure against this?

Technically yes. In practice, self-insuring against hiring fraud means accepting the full distribution of outcomes, including the tail risk of a breach traced to a fraudulent hire. Most CFOs prefer the verification premium to the variance.
