johnk
2019-11-11 14:15:00
www.hackerone.com
Data breaches can cost millions in damages and fines and have a devastating impact on customer trust, reputation, and finances. The Information Commissioner's Office (ICO) in the United Kingdom (UK) recently announced its plans to fine British Airways approximately $230 million for a data breach that saw the personal data of over half a million customers stolen last year. Attackers are believed to have gained access via a third-party JavaScript vulnerability, which, on the bug bounty market, carries a value between $5,000 – $10,000.
We recently analyzed the costs of four major data breaches and compared them to the bounty prices associated with the vulnerabilities exploited in those breaches. The research studied the costs, lawsuits and fines associated with the data breaches that affected British Airways (2018), TicketMaster (2018), Carphone Warehouse (2018) and TalkTalk (2015). Overall, the breaches cost the four organisations more than $341 million. However, had the vulnerabilities been identified and responsibly disclosed by hackers as part of a bug bounty program, the organisations would collectively have had to pay out only between $12,340 – $42,000, based on average bug bounty prices.
Although this research is a rough estimate of bounty prices based on our existing programs across the same industries, it does highlight that organizations working with hackers today to identify and resolve vulnerabilities may be saving millions.
We included the following table to show the costs associated with individual breaches and the average bug bounty price for the type of vulnerability exploited in those breaches.
Table 1. Cost of a Data Breach versus the Cost of a Vulnerability

| Data Breach | Cost / Fine | Vulnerability Exploited | Bug Bounty Market Value |
| --- | --- | --- | --- |
| British Airways | | Third-party JavaScript vulnerability | $3,000 – $10,000 |
| Carphone Warehouse | | Out-of-date WordPress interface | $104 – $10,000 |
| TicketMaster | | Third-party JavaScript vulnerability | $3,000 – $10,000 |
| TalkTalk | | SQL Injection | $5,000 – $10,000 |
By running bug bounty programs and asking hackers to find their weak spots, our customers have safely resolved over 140,000 vulnerabilities before a breach could occur. This year, HackerOne’s Hacker-Powered Security Report revealed that when a new bug bounty program is launched, hackers report the first valid vulnerability within 24 hours in 77 percent of cases, while 25 percent of valid vulnerabilities are classified as high or critical severity. As a result, organisations around the world are seeing significant value in running bug bounty programs with hackers.
For more information on the most impactful and rewarded vulnerabilities, please visit: https://www.hackerone.com/blog/hackerone-top-10-most-impactful-and-rewarded-vulnerability-types