Emmanuel Marshall 20 July 2018 10:10:11 AEST 5 MIN READ

Bug bounty hunters: who are they? Why do they matter?

In the lexicon of online security there are cybercriminals, black hat hackers (hackers who do crime), white hat hackers (hackers who help prevent cyber-attacks), hacktivists (hackers who use their skills for political causes) and then there are “bug bounty hunters.”


What is a bug bounty hunter?

The term “bug bounty” was coined by a developer at Netscape in 1995. It was used to describe a new scheme Netscape was testing which involved paying reward money to independent developers and white hat hackers who discovered flaws in Netscape’s system.

The idea caught on in Silicon Valley and by the 2000s bug bounty programs were being implemented by many large development projects; companies like Yahoo! and Facebook were early adopters of bug bounty programs.


Bug bounties are growing


When PWC conducted their annual CEO survey in 2017 24% of the exec’s surveyed rated themselves “extremely concerned” about cyber-threats. In the 2018 survey, that figure nearly doubled to 40%. 

(Right: graph from PWC’s 21st CEO Survey showing the steep growth in concern amongst CEOs internationally about cyber-threats.)

The concern of businesspeople about cybersecurity is justified.

Research reports from The FBI, Deloitte and WEF agree that cybercrime is on the rise.
WEF research found that cyber-attacks reported by companies rose from 68 attacks per business in 2012 to 130 attacks per business in 2017.

CEO’s increasing concern about cybersecurity has driven a steep increase in the adoption of bug bounty programs, but the practice is still only employed by 5% of enterprises. There may be an explosion in demand for bug bounty hunters soon, though. A June report from Gartner Inc predicts that bug bounty programs will be used by more than 50% of companies by 2022.  Even now, bug bounty programs are big business. Companies paid more than US$7.6 million in bounties in the first half of 2018.


Hunters hunted

bug_on_binary_2Bug bounty programs are one of the new growth industries born out of the explosive growth in cybercrime. With the surge in data breaches has come a new realisation amongst business leaders that they need to explore new ways of mitigating cyber-attacks.

The hunters have become the hunted, with executives eager to employ ethical hackers to help detect data vulnerabilities in their organisations. According to HackerOne, who provides white hat hacking services to companies, the demand for bug bounty hunters has risen fast in recent years. HackerOne have disclosed that their roster of registered white hat hackers has expanded 10x in the last 24 months.


Top level focus on security

Ignoring cybersecurity is no longer an acceptable stance. Data breaches can have devastating effects on companies - as evidenced by the recent incidents involving Facebook, Equifax and Uber - so cybersecurity has become a pressing issue not just for IT managers, but for CEOs and business owners as well.

The growth in cybercrime internationally and the increasing incidence of major breaches has moved governments to put pressure on business to secure their data. The EU GDPR and similar regulatory measures seek to penalise companies for leaving gaps in their security.

To navigate the increasingly difficult security challenges presented by cybercrime, companies need to adopt a multi-layered security strategy that involves rigorous data management and advanced cloud-based threat protection.

Cybersecurity guide for CEOs

If you would like to learn more about the complex cybersecurity challenges facing business today, please download the e-book Surviving the Rise of Cybercrime by Craig McDonald. This plain English handbook explains the most common threats and provides essential guidance on managing risk.


“Cybercrime is a serious and growing business risk. Building an effective cybersecurity culture within an organisation requires directors and executives to lead by example. Surviving the Rise of Cybercrime is a must-read for directors and executives across business and in government and provides strong foundations for leaders determined to address cyber risk.” 
- Rob Sloan, Cybersecurity Research Director, Wall Street Journal

Download your copy of Surviving the Rise of Cybercrime for free, here.