Bug Bounty Statistics

Bug Bounty Statistics

13 Feb Bug Bounty Statistics

Posted at 16:55h in Ethical Hacking by

Bug bounties are an integral part of the cybersecurity industry.

Organizations worldwide rely on ethical hackers to find security weaknesses in their systems and applications. It is now more crucial than ever to understand the industry’s current state and trajectory clearly.

Let’s get into the statistics and trends surrounding the industry’s current landscape, and then we will make some predictions for what to look out for in 2023.

The Industry

Through bug bounty programs, organizations can reduce the risk of a data breach or other security incident. Here are some statistics about the industry currently:

  1. The number of software vulnerabilities found rose by 21%, with over 65,000 discoveries in 2022.
    The number of software vulnerabilities found rose by 21%, with over 65,000 discoveries in 2022.
  2. The bug bounty platform, Intigriti, paid out three times more in 2022 compared to 2021.
  3. Meta paid over $2 million in bounties and received 10,000 reports.
  4. Critical vulnerabilities were the top-paying, with $61 million, accounting for 92.7% of all bounties in 2022.
  5. With the arrival of new bug bounty programs through BugCrowd, YesWeHack, and HackerOne in 2023, the industry is expected to continue its growth.
  6. Websites are the most attacked vendor, with 95% of hackers focusing their efforts on websites and a 151% increase in reports from 2021.
  7. The average spend on bug bounties increased from $2,000 in 2021 to $3,000 in 2022.
  8. The average payout increased from $6,443 in 2021 to $26,728 in 2022.
  9. Hackers found 65,000 vulnerabilities in 2022.

The Hackers

Bug bounty hunters are like modern-day treasure hunters, scouring websites and applications in search of valuable vulnerabilities.

Their thrill for the hunt and love for code make them the ultimate digital sheriffs, protecting our online lives from cyber criminals. Here are some statistics about ethical hackers in the industry:

Career & Motivations

  1. 96% see ethical hacking as a full-time career.
  2. 79% participate in bug bounties to learn.
  3. 71% are inspired by the potential to make money.
  4. 59% see bug bounties as a means of having fun and advancing their careers.
  5. 65% choose bug bounties based on rewards.
    65% choose bug bounties based on rewards.
  6. 85% want greater transparency on vulnerability disclosures.
  7. 54% are employed elsewhere.
  8. 86% define themselves as part-time hunters.
  9. 92% of hackers believe they can find things that AI and scanners cannot.

Demographics

  1. 50% of bug hunters are 21-29 years old, making them the dominant age group.
  2. 20% of bug hunters are 30-39 years old.
  3. 95% of bug hunters are male.
  4. 32% of bug hunters are students.

Trends

With the increasing importance of cybersecurity, it is no surprise that bug bounty programs have become a trend in the technology industry.

They provide a mutually beneficial solution for companies and the security research community. Here are some key trends appearing in the industry:

  1. There is a shift from bug bounty ransoms to using high-paying bug bounty program platforms to uncover vulnerabilities.
  2. More and more companies are moving towards bug bounties overall for their security.
  3. AI is becoming more mainstream and is expected to play a more significant role in security research in the coming years.
    AI is becoming more mainstream
  4. COVID-19 pushed more jobs remotely, which is perfect for bug bounty hunters.
  5. International governments are more focused on their internal networks to protect from attacks, leading to a global bug bounty-hunting industry.

“The work-from-home culture has made employees desire more independence and has further encouraged digital nomads to pursue a remote working career,” said Inti De Ceukelaire, head of hackers at Intigriti.

“Bug bounty platforms can not only facilitate this, but they also allow people to work wherever they want, whenever they want, and without having to rely on a boss to match their talents with customers or be part of a corporate hierarchy.”

Predictions

While we do not have a crystal ball to see into the future, we can make some critical predictions of where the industry is expected to continue to grow.

  1. 2023 will see the rise of “the rogue.” As more companies lay off workers, we may see more people willing to sell information about their former businesses.
  2. There is expected to be a rise in attacks from the inside rather than ransomware attacks.
  3. SMS phishing is expected to be more successful than email phishing.
  4. 38% of hackers believe the most significant challenge for organizations is a need for in-house skills, which is expected to change.
  5. More women are expected to join the industry.
  6. The market is 49.37% in North America and is expected to keep its dominance.

Check out our post, for more bug bounty trends and predictions.

Conclusion

The bug bounty industry has seen substantial growth in recent years, with a 21% increase in software vulnerabilities found and a three-fold increase in payouts from bug bounty programs.

Most bug bounty hunters see ethical hacking as a full-time career. They are motivated by learning, making money, and having fun.

Today, the bug bounty market is valued at $223.1 million in 2020, which will grow to $5,465.5 million in 2027. The rise of AI and the mainstreaming of cybersecurity will continue to shape the bug bounty industry, as well as the increasing importance of transparency in vulnerability disclosures.

To take advantage of bug bounty programs, start now!