Insecure code is behind a wave of data breaches

New research reveals that insecure code is behind a shocking number of cyber breaches in the UK, with two-thirds of tech leaders admitting their organization suffered an incident in the past year.

The study from SecureFlag, of 100 UK C-suite and tech leaders, shows that despite the risks, many companies are still failing to train developers properly, leaving a gap that attackers are exploiting.

Of those surveyed, 67 percent admit that their organization experienced at least one cybersecurity breach or serious incident in the past 12 months due to insecure coding practices. Nearly half of these companies faced multiple such incidents. Despite these dangers, the survey finds that 40 percent of organizations still do not mandate regular secure coding training for their developers.

“This should be a wake-up call for every business that develops software,” says Andrea Scaduto, CEO and co-founder of SecureFlag. “It’s frankly shocking that in 2025 so many breaches are still happening because of avoidable coding flaws. Our survey exposes a clear and present danger: too many development teams lack the security training to prevent vulnerabilities, and attackers are exploiting that gap. The message is loud and clear — without a serious investment in developer education, organizations will continue to be at risk.”

While 88 percent of the executives surveyed acknowledge that poor coding practices pose a significant threat to their business, far fewer have fully implemented the safeguards to counter them. Only about a third of companies currently provide continuous, hands-on secure coding training, and just 29 percent are highly confident in their developers’ ability to write code that is secure by design. Many leaders cite constraints such as limited time, budget, or available expertise as reasons for not training developers more frequently. However, the cost of inaction is steep — several respondents noted that the incidents they experienced led to customer data exposure, service downtime, and substantial financial losses.

“The fact that so many organizations are being compromised through code errors is alarming. Breaches stemming from coding mistakes are preventable — but only if companies invest in proper training,” Emilio Pinna, SecureFlag’s CTO and co-founder, says. “We urge businesses not to wait for a disaster. Ensuring your developers can recognize and avoid vulnerabilities must be a top priority. It’s far cheaper to train a developer than to clean up after a breach.”

You can find out more on the SecureFlag blog.
