UK-based IT professionals twice as likely to moonlight as cyber criminals

Low salaries to blame for the emergence of grey hats drawn by greater financial rewards

IT professionals from the UK are almost twice as likely to engage in criminal 'grey hat' hacking than employees from the rest of the world, a new report has claimed.

The emergence of grey hats, defined as legitimate cyber security employees who also engage in criminal activity, was highlighted in a report titled 'White Hat, Black Hat and the emergence of the Grey Hat' The true cost of cybercrime' released today.

Advertisement - Article continues below

The findings also explored the high cost of cyber crime to organisations, how frequent major attacks can be, and how likely organisations are to suffer security breaches.

While only 4.6% of IT professionals across the world are perceived to be grey hats, this is true for 7.9% of UK employees - who are for instance more than twice as likely as their German counterparts, 3.4%, to cross the line and engage in cyber crime.

The greater likelihood for UK-based professionals to engage in cyber crime - with 32% saying they had been approached about participating in black hat activity against 22% from the rest of the world - coincides with low pay.

"There are a number of reasons that security professionals see as reasons for becoming a black hat, but the most common reason cited in our research is the ability to earn more money than by working as a security professional," the report said.

Advertisement - Article continues below
Advertisement - Article continues below

The average starting salary for IT professionals was the lowest in the UK compared against the five regions surveyed, which also included the US, Germany, Australia and Singapore. The research cited another study that suggested the most lucrative cyber criminals can earn more than $166,000 per month.

Collated by Osterman, and sponsored by cyber security company Malwarebytes, the findings also revealed the urge to cross the line correlates directly with the size of a company one works for. While grey hats represent only 2.8% of IT professionals in small businesses, this is true for 5.7% of employees working for larger firms.

Elsewhere the report revealed large organisations in the US are almost four times more likely to suffer major security events than UK organisations, 1.8 per year versus 0.5, while the total annual security cost is almost double, $1.896,724 versus $1,088,129.

The cost to large organisations, comprising 2,500 employees, is actually just under $100,000 less than the global average of $1,167,178, while they are also slightly less likely to suffer a major security incident than large businesses from the other regions surveyed, who experience 0.8 incidents per year.

Advertisement - Article continues below

"The current skills shortage combined with a steady stream of attacks against antiquated endpoint protection methods continues to drive up costs for today's businesses, with a seemingly larger hit to security departments of mid-market enterprises," said Marcin Kleczynski, Malwarebytes CEO.

"On top of this, we are seeing more instances of the malicious insider causing damage to company productivity, revenue, IP and reputation.

"We need to up-level the need for proper security financing to the executive and board level. This also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions."

Image: Shutterstock

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most Popular

Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020