Study: a successful hack brings an average of 14.7 thousand dollars, but hackers quickly surrender

"The typical hacker" ( Kung Fury ).

The Ponemon Institute organization conducted a survey among computer security experts, whose goal was to find out how profitable the cyber attacks were. Also the question was raised about what the motivation of hackers is: either this is politics, some kind of reputational interests, or purely material needs. The study consisted of a survey of 304 computer security threats experts from the United States (158), the United Kingdom (70), and Germany (76). According to the Ponemon Institute, all these people helped the organization’s activities or were highlighted at computer security conferences. The experts agreed to participate in the survey on condition of anonymity, and the accuracy of the data is fully ensured by the integrity of the answers.

The survey revealed that it is the material benefit that plays the greatest role in the burglar’s ​​motivation. The researchers came to a simple conclusion: criminals give preference to poorly protected systems and quickly give up if they encounter difficulties.

So, a typical survey participant is a man from 18 to 40 years old, who is an active participant in hacker communities. Experience of penetration into systems varies, many are engaged in this for years. There were almost no newcomers (less than 5 years of experience) (2%). Most of the respondents are freelancers, many work in the IT sector.
')
To carry out hacking you need the appropriate knowledge and technical tools. On average, a hacker spends $ 1,367 a year on specialized software kits for conducting attacks. The use of such software is growing, and the software itself is highly efficient: 63% noticed that they use tools more often, 64% consider such programs to be effective.

What motivates people with good abilities in the field of information technology to carry out illegal activities to penetrate computer systems? Respondents say that this is money: the majority believes that the attackers are motivated by economic gain.

One of the conclusions reached by the study is that in order to protect access to important information, it is necessary to make the hacking of systems as long as possible. When choosing targets, hackers show opportunism, say 72% of respondents. They choose simple targets, hacking which promises benefits, and well-protected systems force them to retreat.

60 percent of attackers change target after 40 hours of unsuccessful attempts. A technically competent hacker “opens” a typical defense in less than 3 days (70 hours) of work. Security systems that hackers call “excellent” require twice as long - 147 hours. On average, 209 hours of attempts force you to surrender and move on to another goal. However, hacking takes less time thanks to automated tools, respondents say.

On average, hackers conduct 8.26 attacks per year. Of these, 42% are successful, and of the successful, only 59% are profitable. The result of the activity of the average computer hacker is $ 14,711 for a break or $ 28,744 a profit per year. On average, 705 hours of work per year is spent on attacks, that is, the average hacker earns $ 40 per hour. However, it is very difficult to judge real income by average numbers: a “steep” specialist gets a lot, and a weak majority gets smaller amounts.

For comparison: an officially employed information security expert earns an average of about $ 60 per hour, but works more than 1,900 hours a year. (On the other hand, criminal activity can be carried out in free time as an additional income. A resident of the country can also do it more poorly.) The respondents themselves also understand that a blackhat hacker could earn better by working “for white” for some company or state structure. 64% think so.

Full survey report in PDF format .