Almost one in 10 U.S. security professionals admits to having considered participating in Black Hat – or cybercriminal – activity, according to the report White Hat, Black Hat and the Emergence of the Grey Hat: The True Costs of Cybercrime, conducted by Osterman Research and sponsored by Malwarebytes.

Participating both as a cybersecurity professional and as a cybercriminal would make them “Grey Hats,” and on average, survey participants believe that 4.6 percent of their colleagues are Grey Hats. Forty-six percent think it’s easy to get into cybercrime without getting caught, although most believe there’s more money to be made in fighting cybercrime than being a cybercriminal.The study found that more than half of all U.S. security professionals know or have known someone who has participated in Black Hat activity. Among cybersecurity professionals polled globally, that rate is 41 percent. Furthermore, 22 percent have been approached about participating in cybercrime, and 12 percent have seriously considered it.

Money is one of the main reasons cybersecurity professionals believe people turn to cybercrime, though, with 62.5 percent saying Black Hats can earn more money than security professionals. On the high end, cybercriminals can earn in excess of $166,000 per month, and on the low end of the earnings scale, cybercrime can net the criminal more than $3,500 per month – more than some entry-level security professionals make. For comparison, The True Costs of Cybercrime study found that the global average salary for an entry-level cybersecurity professional is $60,662, and the top salary is $130,520.