Why Airbnb, Paypal and Spotify are paying hackers to break their security
Top global chief executives have willingly forked out more than $50m (£38m) to hackers amid growing concerns about cybersecurity threats.
Bosses have paid so-called ethical hackers to help tighten up their cyber defences in a bid to avoid expensive and embarrassing data breaches.
According to data from cybersecurity firm Hackerone, the amount paid to tech boffins has grown exponentially in recent years.
“The state of software security is so bad,” Hackerone chief executive Marten Mickos told City A.M. “Whatever you can imagine; it’s worse.”
As cyber threats increase around the world, companies are turning to so-called white hat hackers to identify vulnerabilities in their systems.
Hackerone, which has roughly 400,000 hackers on its books, said it expects to have pulled in cumulative revenues of $100m by the end of next year and forecasts this sum to rise to the billions over the next decade.
Chris Boyd, malware intelligence analyst at software firm Malwarebytes, said ethical hacking firms encourage businesses to carry out bug bounty programmes and ensure hackers are paid fairly.
“Anything which helps legitimise ways for researchers to contribute to a safer online experience is overall going to be a good thing,” he told City A.M.
Hackerone counts tech giants such as Microsoft and Paypal, as well as government agencies including the US defence department, among its clients.
It is part of a growing field of cybersecurity firms, such as Dutch firm Zerocopter and UK-based Redscan, which offer hacking services for their clients.
The strategy has raised eyebrows among some companies, with critics questioning the use of hackers in cybersecurity defences.
Boyd cited the growing trend of so-called grey hats, referring to hackers who work as both cyber criminals and security professionals.
“This shows the need for proper security financing to the executive and board level and keeping security professionals at organisations paid-well and motivated,” he said.
But Mickos, who describes his firm’s work as the “vaccine of the internet”, defended the use of hackers and dismissed negative stereotypes about them.
“They’re like the boy scouts and girl scouts of the internet,” he said. “They do good; they are there to help.”