Malwarebytes Global Study: Endpoint Technology Inadequate at Handling Complexity of Today's Cybersecurity Threats; Dramatically Increasing Expenses for Businesses

SANTA CLARA, Calif., Aug. 8, 2018 /PRNewswire/ -- Malwarebytes(TM), the leading advanced malware prevention and remediation solution, released a new report "White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime" today, which was conducted by Osterman Research. The study polled 900 senior IT decision-makers and IT security professionals in Australia, Germany, the U.S., U.K., and Singapore about the impact of cybercrime on their bottom line, and also looked at all sides of IT security costs from budget and remediation, to hiring, recruiting and retention.

Top report findings include:

Cybercrime incidents are escalating, security budgets are exploding and security remediation costs are skyrocketing:

    --  U.S.-based businesses experienced a higher number of very serious
        security events such as ransomware and intentional insider breaches
        compared to other countries surveyed--an average of 1.8 incidents in
    --  Based on security budget per employee responses, the average 2,500
        employee company in the U.S. will spend more than $1.8 million dollars
        on security costs. That number is expected to increase to more than $2
        million in 2018--nearly twice the average cost of all global responses
        (more than $1 million in 2018).
    --  Remediating major security incidents is extremely expensive: the average
        global expenditure for remediating just a single event is approximately
        $290K for a 2,500-employee organization. In the U.S., the average cost
        escalates to $429K.
    --  Phishing was the most common cause of major incidents globally (44
        percent) with ransomware (26 percent) and spear phishing (20 percent)
        also in the top five. While the delivery tactics are familiar, the
        malware has grown increasingly complex and sophisticated.

Midsize companies (500-999 employees) are getting squeezed with massive increases in security incidents and exploding security budgets, but have fewer employees and smaller budgets:

    --  To protect against a high volume of malicious attacks, mid-sized
        companies' security budgets increased by 36 percent.
    --  Mid-market businesses had the highest percentage of security budget
        increases from 2017 to 2018 (36.32 percent increase for midsize
        companies; 20.46 percent increase for large companies; 8.5 percent
        increase in budget for small companies) to counter the significantly
        higher levels of adware, accidental insider data breaches and
        intentional insider data breaches and even nation state attacks.
    --  Mid-sized companies spent 19 percent of their security budget
        remediating compromises. Fewer staff on-hand in mid-sized companies'
        Security Operations Centers (SOCs) to handle the volume of attacks
        resulted in the highest percentage of security budget spent on
        remediating attacks (18.62 percent of budget spent on remediating
        compromises) compared with both large (11.3 percent) and smaller (13.97
        percent) companies.
    --  49 percent of global mid-market professionals were most likely to
        suggest that it's easy to get into cybercrime without getting caught.

Security professionals are turning "Gray Hat"

    --  Almost one in 10 U.S. security professionals has admitted to having
        considered participating in Black Hat activity. Surprisingly, this was
        the lowest rate among all countries surveyed. More than one in five (21
        percent) of U.K. security professionals have considered the Black Hat
    --  Black/Gray Hats aren't hard to find in today's SOCs. More than half of
        all U.S. security professionals surveyed (50.5 percent) know or have
        known someone that has participated in Black Hat activity. This was the
        highest rate of all countries surveyed. The global average was 41

"The current skills shortage combined with a steady stream of attacks against antiquated endpoint protection methods continues to drive up costs for today's businesses, with a seemingly larger hit to security departments of mid-market enterprises," said Marcin Kleczynski, Malwarebytes CEO. "On top of this, we are seeing more instances of the malicious insider causing damage to company productivity, revenue, IP and reputation. We need to up-level the need for proper security financing to the executive and board level. This also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions."

"White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime" uncovers the current state of cybercriminal costs and the motivations of cybersecurity professionals moving to the dark side. To view the full global report, please click here for more detailed findings and analysis.

About Malwarebytes

Malwarebytes proactively protects people and businesses against dangerous threats such as malware, ransomware and exploits that escape detection by traditional antivirus solutions. Malwarebytes completely replaces antivirus with artificial intelligence-powered technology that stops cyberattacks before they can compromise home computers and business endpoints. More than 60,000 businesses and millions of people worldwide trust and recommend Malwarebytes solutions. Our team of threat researchers and security experts process emerging and established threats every day, from all over the globe. Founded in 2008, the company is headquartered in California, with offices in Europe and Asia. For more information, please visit us at

Malwarebytes founder and CEO Marcin Kleczynski started the company to create the best disinfection and protection solutions to combat the world's most harmful Internet threats. The market continues to recognize Marcin's advancements in cybersecurity with the recent recognition as "CEO of the Year" in the Global Excellence awards. He has also been named to the Forbes 30 Under 30 Rising Stars of Enterprise Technology list and received both the Silicon Valley Business Journal's 40 Under 40 and Ernst & Young Entrepreneur of the Year awards.

Follow us on Facebook:

Follow us on Twitter: @malwarebytes

Follow us on LinkedIn:

See us on YouTube:

Read our latest Malwarebytes Labs blog:

View original content with multimedia:

SOURCE Malwarebytes