Bugcrowd Report Highlights Need for Blend of Human Ingenuity and AI-Powered Security Solutions to Protect Critical Infrastructure
Inside the Mind of a Hacker report highlights rapid globalization, acceleration in gender diversity, and growing neurodiversity among hackers
- Hackers on the Bugcrowd platform prevented $8.9B of cybercrime in 2019 and are on track to prevent more than $55B of cybercrime by 2025
- 78% of hackers said AI-powered cybersecurity solutions alone aren’t enough to outmaneuver cyber attacks over the next decade
- 61% of hackers have noticed an increase in bug bounty programs since the onset of COVID-19
- 93% of hackers primarily hack out of care for the companies for which they work
- The report analyzes 3,493 survey responses to provide in-depth view of hacking trends
- 73% of hackers speak multiple languages; 53% of hackers are under the age of 24; 13% of hackers are neurodiverse
SAN FRANCISCO – June 23, 2020 – Bugcrowd, the #1 crowdsourced security company, today released its 2020 Inside the Mind of a Hacker report, the most comprehensive study to date on the global hacking community. Among the report’s key findings, human ingenuity supported by actionable intelligence of the Bugcrowd platform were found to be critical ingredients to maintaining a resilient infrastructure. In fact, 78% of hackers indicated AI-powered cybersecurity solutions alone aren’t enough to outmaneuver cyber attacks over the next decade.
Nearly nine out of 10 hackers, 87%, say that scanners cannot find as many critical or unknown assets as humans. While 2019 was a record year for data breaches, the report found that hackers working on the Bugcrowd platform prevented $8.9B of cybercrime in 2019 and earned 38% more than they did in the previous period. In the next five years, hackers on the Bugcrowd platform are projected to prevent more than $55 billion in cybercrime for organizations worldwide.
“Globally-distributed good-faith hackers are increasing in number and diversifying. Bugcrowd gives organizations the power to proactively leverage human ingenuity – the enabler of malicious cyberattacks – at-scale to prevent them,” said Casey Ellis, founder, chairman, and CTO of Bugcrowd. “While AI has a role to play in helping to reduce cyber risk, companies need to integrate crowdsourced security throughout their security lifecycle if they hope to outsmart and outmaneuver cybercriminals.”
“Hackers will always be one step ahead of AI when it comes to cybersecurity because humans are not confined by the logical limitations of machine intelligence,” said Jasmin Landry, top-ranked Bugcrowd hacker. “For example, hackers can adapt four to five low-impact bugs to exploit a single high-impact attack vector that AI would likely miss without the creative flexibility of human decision-making. Experience allows hackers to recognize vulnerable misconfigurations that represent a true risk to organizations without all of the false positives that typically come with AI-powered solutions.”
The Inside the Mind of a Hacker report analyzes 3,493 survey responses from working hackers, plus hacking activity on the Bugcrowd Platform between May 1, 2019 and April 30, 2020. In addition, the report incorporates data from 1,549 programs and 7.7 million platform interactions to provide a striking and in-depth view of emerging trends among Bug Bounty, Penetration Testing, Attack Surface Management, and Vulnerability Disclosure Programs.
The Next Generation of Hackers are Younger and Neurologically Diverse
Hacking as a profession is lucrative and highly attractive to young people, with 53% of hackers under the age of 24.
Remarkably, the report uncovered that 13% of hackers are neurodiverse and possess neurological advantages that help them provide extraordinary depth and dimension in security testing. These unique strengths include exceptional memory skills, heightened perception, a precise eye for detail, and an enhanced understanding of systems. Nearly half of neurodiverse hackers (6%) experience Attention-Deficit/Hyperactivity Disorder (AD/HD) and thrive in environments of rapid change, such as security research, where creativity and out-of-the-box thinking are rewarded generously.
Career Hacking in Emerging Countries Skyrockets
The research found that hackers live on six continents and reside in more than 100 countries worldwide. Most notably, the report identified an 83% growth in respondents living in India and nearly three out of four hackers (73%) speak two or more languages.
“Diversity is the critical, yet often overlooked, factor in any successful security strategy. Bugcrowd gives us the ability to rapidly analyze a situation using global perspectives from hackers—who already understand how our applications work—that collectively augment their unique backgrounds and sociocultural influences to keep us ahead of cybercriminals,” said Adrian Ludwig, CISO at Atlassian. “Having started my career as a hacker, I understand that cybersecurity is inherently a human problem. ‘The power of the crowd’ in crowdsourced cybersecurity is rooted in being able to look at the same thing as everyone else and see something different.”
Social Responsibility on the Rise Among Businesses, Hackers
Bugcrowd uncovered a growing social responsibility trend among businesses and hackers. 93% of hackers primarily hack out of care for the well-being of the organizations with which they work. Additionally, organizations made five-times the number of coordinated disclosures in the last 12 months.
“The exponential growth of these disclosures highlights the value of transparency to stakeholders and demonstrates organizations are taking social responsibility more seriously than ever,” said Ellis.
COVID-19 Increasing Demand for Career Hackers
The FBI reported a 400% rise in cybercrime after COVID-19 was declared a pandemic and organizations are investing more in bug bounty programs as a result. More than half of hackers (61%) have noticed an increase in available bug bounty programs to participate in due to widespread remote working conditions related to the COVID-19.
“We are in unprecedented territory – and COVID-19 has forced many businesses to accelerate digital transformation efforts,” said Ashish Gupta, CEO and president of Bugcrowd. “The rush to digitize businesses can create serious lapses in security and organizations are turning to bug bounty programs to proactively safeguard new products and applications against vulnerabilities.”
Like the larger security industry, career hackers also noted concerns about COVID-related fraud. Nearly half of hackers (48%) believe the Healthcare industry is the most vulnerable to cybercrime during the unfolding crisis, followed by Education and Community Support (17%) and Government and Military (16%).
Additionally, as the government faces the potential impact of COVID-19 on the upcoming 2020 US Presidential election, 72% of hackers independently reported that they do not trust alternative polling methods, like electronic polling or mail-in ballots.
About 2020 Inside the Mind of a Hacker Report
The Inside the Mind of a Hacker Report analyzes 3,493 survey responses from working hackers, plus hacking activity on the Bugcrowd platform between May 1, 2019, and April 30, 2020, to highlight insights from its vast on-demand cybersecurity workforce. In addition, the report incorporates data from 1,549 programs and 7.7 million platform interactions to provide a striking and in-depth view of emerging trends among Bug Bounty, Penetration Testing, Attack Surface Management, and Vulnerability Disclosure Programs. Learn more here.
Bugcrowd is a pay-for-results security platform that plugs on-demand expertise into your team, so they know what to fix first and how to get it done fast. The award-winning platform combines contextual intelligence with actionable skills from the world’s most elite security researchers to help organizations identify and fix critical vulnerabilities before attackers exploit them. Based in San Francisco, Bugcrowd is the #1 crowdsourced security company and is trusted by more Fortune 500 organizations to make the digitally connected world a safer place. Discover how Bugcrowd can unburden internal teams and get more impact from your security programs today: www.bugcrowd.com
“Bugcrowd” and “Inside the Mind of a Hacker” report are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.