View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 1, 2016updated 04 Sep 2016 10:41pm

Does cyber crime pay? Security pros earn bigger salaries than hackers

News: Research busts myth of big cyber crime pay day.

By Vinod

New research has revealed the full extent of the economics involved in cyber crime, with UK malware makers earning less than their foreign counterparts.

Research from Palo Alto Networks and the Ponemon Institute showed that UK hackers earn £8,600 for a successful attack, compared to £10,400 for those in Germany, and £10,900 in the US.

It is often thought that successful cyber attackers are in line for a big pay day, but the report says that this is not the case. The researchers calculated a return of $14,711 for each successful attack, and put the average number of successful attacks per year at 8.26.

From this data, and the percentage of successful attacks, it extrapolated that on average attackers earn $28,744 a year from cyber attacks for an average of 705 hours work.

This is ¼ of the average earnings of cyber security professionals.The report said that "the fully loaded hourly labor rate for an experienced IT security professional is $60.36".

Despite this seemingly low financial return, 69% of attackers in the study said that they were motivated by money, perhaps holding out hope they could be in line for a big pay day.

Davis Hake, director of cybersecurity strategy at Palo Alto Networks said: "As computing costs have declined, so too have the costs for cyber adversaries to infiltrate an organization, contributing to the growing volume of threats and data breaches. Understanding the costs, motivations, payouts, and finding ways to flip the cost scenario will be instrumental in reducing the number of breaches we read about almost daily and restoring trust in our digital age."

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

The report also revealed the full extent of the opportunism involved in cyber crime. 72% of adversaries said that they would not bother with an attack that did not quickly bring in high-value information, and 73% said that they looked for "cheap" easy targets.

Consequently, the report said that increasing the time it takes to conduct a successful attack is a powerful deterrent that organisations could employ. It found that an increase of 40 hours could eliminate up to 60% of attacks.

One of the ways to increase the time is to create a strong security posture. The research found that if an organisation has an "excellent" IT infrastructure, it can take 147 hours for a technically proficient cyber attacker to plan and execute an attack, double the 70 hours that it takes against those organisations with just a "typical" security setup.

The researchers found that, on average, after 209 hours attackers would quit an attack.

"The survey illustrates the importance of threat prevention. By adopting next-generation security technologies and a breach prevention philosophy, organizations can lower the return on investment an adversary can expect from a cyberattack by such a degree that they abandon the attack before it’s completed," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute

The Ponemon institute surveyed 304 participants in Germany, the UK, and the US, with 79% of those respondents saying they were involved in the hacker community.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.