This week, HackerOne, the global leader in offensive security, has unveiled a new research report titled The 15% Advantage: How High-Performing CISOs Leverage Crowdsourced Security.
This report explores how a select group of top-tier security leaders are driving measurable business impact by fully embracing crowdsourced security, transforming it from a tactical tool into a strategic advantage.
The report is based on a global survey of 400 CISOs from large organizations spanning 13 industries. The report highlights the evolving role of the CISO in today’s complex business environment, with:
- 84% of CISOs are now responsible for AI safety
- 82% of CISOs now overseeing data privacy
Notably, while nearly 94% of CISOs are familiar with crowdsourced security, the report identifies a striking gap: only 15% are unlocking its full potential through the comprehensive adoption of its three main services: bug bounties, vulnerability disclosure programs (VDPs), and third-party pentesting.
There are clear increases in efficacy when all three work together. Findings show that 73% of CISOs who use crowdsourced security find it effective at identifying and eliminating vulnerabilities, but that number jumps to 89% for those deploying all three core elements in tandem.
“Crowdsourced security isn’t new. But leading with it in the age of AI is what sets today’s top CISOs apart,” said Kara Sprague, CEO of HackerOne.
Sprague continues: “As AI expands the enterprise attack surface and raises the stakes for rapid response, human ingenuity and outside perspective are more essential than ever. Organizations seeing the most value engage the global community of independent security researchers for responsible vulnerability disclosure, bug bounty, and pentesting across their digital assets and AI systems. This is about moving beyond experimentation and point solutions—toward a proactive, integrated approach.”
With offensive security increasingly becoming a board-level priority for enterprises, The 15% Advantage report addresses the beliefs that have slowed broader adoption, and highlights the advantage of crowdsourced security and its ability to find issues that internal teams miss.
Read the report to learn how high-performing CISOs are leveraging crowdsourced security to stay ahead of tomorrow’s risks.
