Skip to main content

Nearly all UK companies hit by security incidents last year

(Image credit: Image Credit: Everything Possible / Shutterstock)

New research from Malwarebytes has revealed that 97 per cent of UK companies were impacted by security incidents in the last year.

The firm's new “White Hat, Black Hat and the Emergence of the Grey Hat; The True Costs of Cybercrime (opens in new tab)” report explored IT security costs from budget and remediation, to hiring, recruiting, retention and the rise of Grey Hat activity by surveying 900 security professionals across the US, UK, Germany Australia and Singapore.

Malwarebytes research found that UK-based organisations had the highest rate of attack during the past 12 months with 97.1 per cent of the organisations surveyed admitting that they had fallen victim to a significant security threat which is well above the global average of 72.6 per cent.

Organisations in the UK also have the lowest security budgets of the five nations surveyed and the average budget for a 2,500-employee organisation was just under £200,000 in 2017. This is expected to grow to £220,000 in 2018 but this increase of just 10 per cent makes the region one of the lowest growth rates for security budgets.

The report also found that salaries for security professionals in the UK are low with the average starting salary for an entry-level security professional to be the lowest among the five nations surveyed.

Grey Hats, who work both as cybercriminals and security professionals, are the most common in the UK and nearly half of UK security professionals (46.3%) say its easy to become involved in cybercrime without getting caught.

Malwarebytes CEO, Marcin Kleczynski offered further insight on the report's findings, saying:

“The current skills shortage combined with a steady stream of attacks against antiquated endpoint protection methods continues to drive up costs for today’s businesses, with a seemingly larger hit to security departments of mid-market enterprises. On top of this, we are seeing more instances of the malicious insider causing damage to company productivity, revenue, IP and reputation. We need to up-level the need for proper security financing to the executive and board level. This also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions.” 

Image Credit: Everything Possible / Shutterstock

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.