According to an annual report on the state of ethical hacking published by HackerOne, the money earned in bounties this year was nearly equal to the entire amount awarded in all prior years combined. Since launching in 2012, companies have paid the platform’s ethical hackers a grand total of $82 million, in return for their successful detection of over 150,000 vulnerabilities.
High-profile organizations – which, according to the report, include General Motors, Google, Goldman Sachs, Toyota and IBM – are invested in employing HackerOne’s security researchers to dig out the vulnerabilities in their products and services before malicious hackers do.
Ethical hacking remains a difficult area for most companies to fully understand, but it is a vital extra tool in the cyber security tool kit.
Ethical hacking can often find extensive vulnerabilities that other methods cannot, which highlights the critical protection it offers. Larger companies employ ethical hackers or agencies like this to act as an extra, independent pair of eyes to observe code, finding details that may go unnoticed in-house.
Of course, it comes with a risk, but it’s about weighing that up against the risk of the type of attack a business may face from threat actors. More and more, we are seeing the value that ethical hacking can bring – as the financial reward that comes with it.