A new survey has revealed the extent to which poor coding practices are leaving UK businesses exposed. Two-thirds of senior technology leaders admitted their organisations suffered at least one breach or serious security incident in the past year. The common cause: insecure code.
SecureFlag’s research found that of the 100 executives surveyed, nearly half reported facing more than one incident in twelve months. Despite the scale of the problem, 40 percent of organisations still do not require their developers to undergo regular secure coding training.
“This should be a wake-up call for every business that develops software,” said Andrea Scaduto, CEO and co-founder of SecureFlag. “It’s frankly shocking that in 2025 so many breaches are still happening because of avoidable coding flaws. Our survey exposes a clear and present danger: too many development teams lack the security training to prevent vulnerabilities, and attackers are exploiting that gap. The message is loud and clear – without a serious investment in developer education, organisations will continue to be at risk.”
The report highlights a gap between what leaders know and what they do. Almost nine in ten respondents recognised insecure code as a serious threat. Far fewer acted on that knowledge. Only one in three companies provide continuous, practical training. Fewer still expressed strong confidence in their developers’ ability to produce secure code.
Constraints of time, budget, and expertise were the most common reasons given for not training staff. The costs of inaction, however, were substantial. Respondents described breaches that led to customer data loss, system outages, and heavy financial impact.
Broader research supports the urgency of the issue. The UK government’s most recent Cyber Security Breaches Survey found that 43 percent of businesses experienced an attack or breach in the past year. SecureFlag’s report goes further, identifying insecure code as a central factor. The most common flaws included weak authentication processes, unchecked input leading to SQL injection, and insufficient testing before release.
“The fact that so many organizations are being compromised through code errors is alarming,” said Emilio Pinna, SecureFlag’s CTO and co-founder. “Breaches stemming from coding mistakes are preventable – but only if companies invest in proper training,” he said. “We urge businesses not to wait for a disaster. Ensuring your developers can recognize and avoid vulnerabilities must be a top priority. It’s far cheaper to train a developer than to clean up after a breach.”
SecureFlag says it will continue its push to make secure coding the standard rather than the exception.
The company’s message to industry leaders is blunt. The threat is here, the costs are real, and the solution is clear: train the developers, or pay the price.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.