UK-based IT professionals twice as likely to moonlight as cyber criminals

Low salaries to blame for the emergence of grey hats drawn by greater financial rewards

IT professionals from the UK are almost twice as likely to engage in criminal 'grey hat' hacking as employees from the rest of the world, a new report has claimed.

The emergence of grey hats, defined as legitimate cyber security employees who also engage in criminal activity, was highlighted in a report titled 'White Hat, Black Hat and the emergence of the Grey Hat: The true cost of cybercrime', released today.

The findings also explored the high cost of cyber crime to organisations, how frequent major attacks can be, and how likely organisations are to suffer security breaches.

While only 4.6% of IT professionals across the world are perceived to be grey hats, the figure is 7.9% for UK employees, who are, for instance, more than twice as likely as their German counterparts (3.4%) to cross the line and engage in cyber crime.

The greater likelihood for UK-based professionals to engage in cyber crime - with 32% saying they had been approached about participating in black hat activity against 22% from the rest of the world - coincides with low pay.

"There are a number of reasons that security professionals see as reasons for becoming a black hat, but the most common reason cited in our research is the ability to earn more money than by working as a security professional," the report said.

The average starting salary for IT professionals was lowest in the UK among the five regions surveyed, which also included the US, Germany, Australia and Singapore. The research cited another study that suggested the most lucrative cyber criminals can earn more than $166,000 per month.

Collated by Osterman, and sponsored by cyber security company Malwarebytes, the findings also revealed the urge to cross the line correlates directly with the size of a company one works for. While grey hats represent only 2.8% of IT professionals in small businesses, this is true for 5.7% of employees working for larger firms.

Elsewhere, the report revealed large organisations in the US are almost four times more likely to suffer major security events than UK organisations, 1.8 per year versus 0.5, while the total annual security cost is almost double, $1,896,724 versus $1,088,129.

The cost to large UK organisations, comprising 2,500 employees, is actually just under $100,000 less than the global average of $1,167,178, while they are also slightly less likely to suffer a major security incident than large businesses from the other regions surveyed, who experience 0.8 incidents per year.

"The current skills shortage combined with a steady stream of attacks against antiquated endpoint protection methods continues to drive up costs for today's businesses, with a seemingly larger hit to security departments of mid-market enterprises," said Marcin Kleczynski, Malwarebytes CEO.

"On top of this, we are seeing more instances of the malicious insider causing damage to company productivity, revenue, IP and reputation.

"We need to up-level the need for proper security financing to the executive and board level. This also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions."
