Research by HackerOne, the world’s most trusted hacker-powered security platform, has revealed hackers are finding over twice as many vulnerabilities in software in 2020 than they were in 2019. Hackers have helped find and resolve over 180,000 vulnerabilities on the HackerOne platform, with one third of those being reported in the past year alone as more and more businesses turn to hackers to help secure their systems.
Driven by the pandemic, over a third of businesses (36%) have expedited digital initiatives to support remote working. Digitization of assets and the speed of development is creating new vulnerabilities. 30% of organizations confirmed they experienced an increase in attacks due to the pandemic, and hackers reported 28% more software vulnerabilities per month during the pandemic than before it.
The research also revealed that IT and security teams are more concerned about the impact of attacks, with 64% believing organizations were under more threat during the pandemic. At the same time, 30% of in-house security teams were reduced and a quarter had budget cuts since March.
“Budget and staff cutbacks, a rise in cyber attacks and the great rush to support remote workers have put security teams under significant pressure,” said HackerOne CEO, Marten Mickos. “Adding to that, the need to develop new COVID-proof solutions means fresh vulnerabilities are inevitable. Traditional security tactics are no longer sufficient to keep up with a rapidly adapting attack surface. New, affordable and agile solutions need to be found.”
Additional key findings in the report included:
- More than $44.75 million in bounties were awarded to hackers across the globe over the past year, driving the total bounties past $100 million. That’s a year-over-year increase of 86% in total bounties paid.
- The potential earning power of a hacking career is above today’s global average IT salary of $89,732. In 2019, more than 50 hackers earned over $100,000 in 2019 from bug bounties.
- There are now over 830,000 hackers registered on the HackerOne Community. They’ve earned more than $100 million through reports on 565,000+ vulnerabilities.
- 9 individual hackers from 7 different countries have now earned over $1 million on the HackerOne platform.
- Through Hack for Good, a feature that enables hackers to automatically donate bounty earnings to a chosen charity, hackers donated more than $30,000 to The World Health Organization (WHO) COVID-19 Solidarity Response Fund, Hack For Good’s first recipient.
- The average bounty paid for critical vulnerabilities increased to $3,650 in the past year; an 8% year-over-year increase. To date, $100,000 remains the largest individual bounty earned for a critical vulnerability on HackerOne.
- Industries with year-over-year increase in total programs of 200% or greater included Computer Hardware (250%), Consumer Goods (243%), Education (200%), and Healthcare (200%).
Mickos continues: “We’ve all become hackers during the pandemic – questioning status quo, testing new ways of working, overcoming limitations. Our reports show that since the start of the pandemic, 30% of businesses have been more open to accepting security help from hackers. With hackers delivering concrete results at an affordable cost, even the most traditional industries are ready to give hacker-powered security a try.”
The full report is available at https://www.hackerone.com/hacker-powered-security-report
HackerOne empowers the world to build a safer internet. As the world’s most trusted hacker-powered security platform, HackerOne gives organizations access to the largest community of hackers on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Qualcomm, Slack, Starbucks, Twitter, and Verizon Media. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020. Headquartered in San Francisco, HackerOne has a presence in London, New York, the Netherlands, France, Singapore, and over 70 other locations across the globe.