A new survey from SecureFlag has revealed serious shortcomings in how UK businesses protect themselves from software-related threats. In a poll of 100 C-suite and technology leaders, 67% admitted their organisation had suffered at least one cybersecurity breach or major incident in the past 12 months due to insecure coding practices, with nearly half experiencing multiple incidents.
Despite this, the research shows that 40% of companies still do not require developers to undergo regular secure coding training, a gap experts warn leaves businesses exposed.
“This should be a wake-up call for every business that develops software,” said Andrea Scaduto, CEO and co-founder of SecureFlag. “It’s frankly shocking that in 2025 so many breaches are still happening because of avoidable coding flaws. Our survey exposes a clear and present danger: too many development teams lack the security training to prevent vulnerabilities, and attackers are exploiting that gap. The message is loud and clear – without a serious investment in developer education, organisations will continue to be at risk.”
The survey underscores a disconnect between awareness and action. While 88% of executives acknowledged that insecure coding poses a significant risk to their business, only one in three currently provides continuous, hands-on secure coding training. Just 29% expressed high confidence in their developers’ ability to write secure-by-design code. Time, budget, and resource limitations were among the top reasons cited for not training more frequently.
The cost of inaction, however, is significant. Respondents reported that breaches tied to insecure code led to customer data exposure, service downtime, and financial losses. These findings align with the UK government’s Cyber Security Breaches Survey, which found that 43% of businesses overall suffered a cyber attack or breach in the past year. SecureFlag’s study goes further by pinpointing insecure software code as a primary driver of these incidents, with common issues including SQL injection, weak authentication flows, and inadequate code review processes.
Emilio Pinna, CTO and co-founder of SecureFlag, emphasised the urgency of tackling the problem head-on. “The fact that so many organizations are being compromised through code errors is alarming. Breaches stemming from coding mistakes are preventable – but only if companies invest in proper training,” he said. “We urge businesses not to wait for a disaster. Ensuring your developers can recognize and avoid vulnerabilities must be a top priority. It’s far cheaper to train a developer than to clean up after a breach.”
To meet this challenge, SecureFlag is doubling down on its mission to equip development teams with practical skills to build secure software from the outset. Its immersive training platform gives developers real-world experience in secure coding, helping organisations shift security from a reactive measure to a proactive foundation.
With this latest research serving as a stark warning, SecureFlag is calling on industry leaders to act now, before the next coding-related breach makes headlines.




