IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

UK-based IT professionals twice as likely to moonlight as cyber criminals

Low salaries to blame for the emergence of grey hats drawn by greater financial rewards

Hacker in a hood on a computer

IT professionals from the UK are almost twice as likely to engage in criminal 'grey hat' hacking than employees from the rest of the world, a new report has claimed.

The emergence of grey hats, defined as legitimate cyber security employees who also engage in criminal activity, was highlighted in a report titled 'White Hat, Black Hat and the emergence of the Grey Hat' The true cost of cybercrime' released today.

The findings also explored the high cost of cyber crime to organisations, how frequent major attacks can be, and how likely organisations are to suffer security breaches.

While only 4.6% of IT professionals across the world are perceived to be grey hats, this is true for 7.9% of UK employees - who are for instance more than twice as likely as their German counterparts, 3.4%, to cross the line and engage in cyber crime.

The greater likelihood for UK-based professionals to engage in cyber crime - with 32% saying they had been approached about participating in black hat activity against 22% from the rest of the world - coincides with low pay.

"There are a number of reasons that security professionals see as reasons for becoming a black hat, but the most common reason cited in our research is the ability to earn more money than by working as a security professional," the report said.

The average starting salary for IT professionals was the lowest in the UK compared against the five regions surveyed, which also included the US, Germany, Australia and Singapore. The research cited another study that suggested the most lucrative cyber criminals can earn more than $166,000 per month.

Collated by Osterman, and sponsored by cyber security company Malwarebytes, the findings also revealed the urge to cross the line correlates directly with the size of a company one works for. While grey hats represent only 2.8% of IT professionals in small businesses, this is true for 5.7% of employees working for larger firms.

Elsewhere the report revealed large organisations in the US are almost four times more likely to suffer major security events than UK organisations, 1.8 per year versus 0.5, while the total annual security cost is almost double, $1.896,724 versus $1,088,129.

The cost to large organisations, comprising 2,500 employees, is actually just under $100,000 less than the global average of $1,167,178, while they are also slightly less likely to suffer a major security incident than large businesses from the other regions surveyed, who experience 0.8 incidents per year.

"The current skills shortage combined with a steady stream of attacks against antiquated endpoint protection methods continues to drive up costs for today's businesses, with a seemingly larger hit to security departments of mid-market enterprises," said Marcin Kleczynski, Malwarebytes CEO.

"On top of this, we are seeing more instances of the malicious insider causing damage to company productivity, revenue, IP and reputation.

"We need to up-level the need for proper security financing to the executive and board level. This also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions."

Image: Shutterstock

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022