A new report from HackerOne, The 15% Advantage: How High-Performing CISOs Leverage Crowdsourced Security, sheds light on how a select group of security leaders are outpacing their peers by taking a more comprehensive approach to crowdsourced security.
The study, based on a survey of 400 CISOs across 13 industries, found that while 94% of security leaders are familiar with crowdsourced security, only 15% are fully unlocking its benefits. These top performers are combining three core elements, bug bounty programs, vulnerability disclosure programs (VDPs), and third-party pentesting, into an integrated strategy.
The impact of this approach is measurable. While 73% of CISOs using crowdsourced security say it’s effective at identifying and addressing vulnerabilities, that number jumps to 89% among those deploying all three core services in tandem.
“Crowdsourced security isn’t new. But leading with it in the age of AI is what sets today’s top CISOs apart,” said Kara Sprague, CEO of HackerOne. “As AI expands the enterprise attack surface and raises the stakes for rapid response, human ingenuity and outside perspective are more essential than ever. The organizations seeing the most value engage the global community of independent security researchers for responsible vulnerability disclosure, bug bounty, and pentesting across their digital assets and AI systems.”
The report also underscores the evolving responsibilities of CISOs. Beyond traditional security oversight, 84% of CISOs now hold responsibility for AI safety, and 82% oversee data privacy.
With offensive security becoming a board-level priority, HackerOne’s findings suggest that a proactive, integrated crowdsourced security approach gives CISOs a measurable edge, helping them detect risks that internal teams might overlook.
For more details, the full report is available on HackerOne’s website.
Join our LinkedIn group Information Security Community!
