UK-based IT professionals twice as likely to moonlight as cyber criminals
Low salaries to blame for the emergence of grey hats drawn by greater financial rewards
IT professionals from the UK are almost twice as likely to engage in criminal 'grey hat' hacking than employees from the rest of the world, a new report has claimed.
The emergence of grey hats, defined as legitimate cyber security employees who also engage in criminal activity, was highlighted in a report titled 'White Hat, Black Hat and the emergence of the Grey Hat' The true cost of cybercrime' released today.
The findings also explored the high cost of cyber crime to organisations, how frequent major attacks can be, and how likely organisations are to suffer security breaches.
While only 4.6% of IT professionals across the world are perceived to be grey hats, this is true for 7.9% of UK employees - who are for instance more than twice as likely as their German counterparts, 3.4%, to cross the line and engage in cyber crime.
The greater likelihood for UK-based professionals to engage in cyber crime - with 32% saying they had been approached about participating in black hat activity against 22% from the rest of the world - coincides with low pay.
"There are a number of reasons that security professionals see as reasons for becoming a black hat, but the most common reason cited in our research is the ability to earn more money than by working as a security professional," the report said.
The average starting salary for IT professionals was the lowest in the UK compared against the five regions surveyed, which also included the US, Germany, Australia and Singapore. The research cited another study that suggested the most lucrative cyber criminals can earn more than $166,000 per month.
Collated by Osterman, and sponsored by cyber security company Malwarebytes, the findings also revealed the urge to cross the line correlates directly with the size of a company one works for. While grey hats represent only 2.8% of IT professionals in small businesses, this is true for 5.7% of employees working for larger firms.
Elsewhere the report revealed large organisations in the US are almost four times more likely to suffer major security events than UK organisations, 1.8 per year versus 0.5, while the total annual security cost is almost double, $1.896,724 versus $1,088,129.
The cost to large organisations, comprising 2,500 employees, is actually just under $100,000 less than the global average of $1,167,178, while they are also slightly less likely to suffer a major security incident than large businesses from the other regions surveyed, who experience 0.8 incidents per year.
"The current skills shortage combined with a steady stream of attacks against antiquated endpoint protection methods continues to drive up costs for today's businesses, with a seemingly larger hit to security departments of mid-market enterprises," said Marcin Kleczynski, Malwarebytes CEO.
"On top of this, we are seeing more instances of the malicious insider causing damage to company productivity, revenue, IP and reputation.
"We need to up-level the need for proper security financing to the executive and board level. This also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions."
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now