HackerOne

New Data Reveals Trust Gap Between Hackers and Organizations

SAN FRANCISCO, October 12, 2023 - HackerOne, the leader in Attack Resistance, today revealed data that found half (52%) of security professionals would rather accept the presence of undiscovered vulnerabilities than work with hackers, and 60% stated hackers cannot be fully trusted.* This gap in trust between organizations and hackers creates blindspots as organizations fail to receive essential vulnerability information to reduce security risk. Preliminary findings from the 7th annual Hacker-Powered Security Report** revealed that the lack of a clear channel to disclose a vulnerability at an organization was the top reason cited by hackers who did not report a vulnerability they discovered. Organizations that do follow disclosure best practices continue to benefit from hacker engagement. As the cost of the average data breach hits $4.45M, three-quarters of HackerOne customers (70%) say hackers have helped them avoid a significant cybersecurity incident. 

“When hackers have no clear channel to disclose vulnerabilities, everyone suffers. Our research reveals a stigma that needs to be broken if we want to maintain the safety and security of the internet,” said Chris Evans, Chief Hacking Officer and CISO at HackerOne. “There’s no question cybercriminals inflict significant societal damage, but the majority of individuals engaged in hacking are law-abiding citizens seeking to learn, make the internet safer, and earn a livelihood. Our customers recognize that accepting vulnerabilities exist and allowing ethical hackers to test their systems builds trust with their customers and stakeholders — and reduces their chance of a costly breach.” 

Despite challenges, hacking as a profession continues to build momentum. Hackers are dedicated to further building their skills, with 60% of hackers confirming they view hacking as their career, up from 41% last year, and 61% of hackers are dedicated to learning and developing hacking tools with Generative AI (GenAI) to find more vulnerabilities faster. 

“A lot of what you see in movies or on TV is wrong – from the process of hacking to how hackers behave. We’re part of a huge global community, so we don’t all fit a particular stereotype,” said Roni Carta, HackerOne hacker. “Right now, I'm focused on understanding GenAI’s potential impact and how it can influence the cybersecurity landscape. While I use GenAI daily to enhance my hacking techniques, I'm also investing time in learning how to hack this technology. With every new innovation, new attack surfaces emerge, and it's essential cybersecurity evolves in rhythm with these advancements.”

About HackerOne

HackerOne pinpoints the most critical security flaws across an organization’s attack surface with continual offensive testing to outmatch cybercriminals. HackerOne’s Attack Resistance Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure and empower organizations to transform their businesses with confidence. Customers include Citrix, Coinbase, Costa Coffee, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, Singapore’s Ministry of Defense, Slack, the U.S. Department of Defense, and Yahoo. In 2023, HackerOne was named a Best Workplace for Innovators by Fast Company.

*The CensusWide survey was conducted from March 29-31, 2023. The nationwide online survey gathered insights from 100 U.S. cybersecurity professionals aged 18 and up at companies with 10 or more employees.

**The 2023 Hacker-Powered Security Report polled HackerOne customers and more than 5,000 hackers.