Research out today from US-based security company Palo Alto Networks has discovered that the average cybercriminal earns less than $30,000 (£21,007) a year from their misdeeds, which is a quarter of the average salary of a cybersecurity professional.
The poor level of pay may go some way to explaining why hackers are also taking an opportunistic approach to their doings, with 73 per cent of the survey's respondents – over three-quarters (79 per cent) of which described themselves as being involved in the cyberattacker community – noting that hackers were opting for targets they saw as being easy and cheap.
Meanwhile, three out of four (72 per cent) believed that criminals would give up and go elsewhere if a firm had a strong security system in place, and that most potential attackers would probably move on if they'd been trying to breach a system for more than 209 hours, or just over a week, without success.
Read more: Do you remember 2015's worst cyber attacks?
"The survey illustrates the importance of threat prevention," said Dr Larry Ponemon, chairman and founder of the Ponemon Institute, which helped Palo Alto Networks carry out the study. "By adopting next-generation security technologies and a breach prevention philosophy, organisations can lower the return on investment an adversary can expect from a cyberattack by such a degree that they abandon the attack before it’s completed."
Davis Hake, director of cybersecurity strategy at Palo Alto Networks, added:
As computing costs have declined, so too have the costs for cyberadversaries to infiltrate an organisation, contributing to the growing volume of threats and data breaches. Understanding the costs, motivations, payouts, and finding ways to flip the cost scenario will be instrumental in reducing the number of breaches we read about almost daily and restoring trust in our digital age.
In light of what it discovered, Palo Alto Networks is urging companies to adopt security measures which will make them a more difficult target, which could include using systems that have a preventative, rather than reactive, approach to security.