How Helvetia strengthened its security posture with HackerOne
Cybersecurity has become a vital part of Helvetia’s strategy to protect both its operations and the trust of its customers.
Limitations of a traditional model
Helvetia Group is one of Switzerland’s leading insurance companies, offering a broad range of insurance and pension solutions in Germany, Austria, Spain, Italy, and France.
As cyber threats become more sophisticated and the attack surface expands, Helvetia recognized the need for a proactive, scalable approach to vulnerability management. That’s when they turned to HackerOne.
Before HackerOne, Helvetia relied on traditional penetration testing and internal security processes to identify vulnerabilities. While these methods were useful, they had limitations:
Non-continuous testing
Testing occurred at fixed intervals, often leaving long gaps between assessments
Restricted scope
The scope was restricted, meaning some assets weren’t regularly tested
A growing ecosystem
Scaling security efforts across a growing digital ecosystem was increasingly difficult
Slow response
Manual workflows slowed down response times
Helvetia's program on HackerOne
Helvetia chose HackerOne for its extensive community of security researchers, proven track record with global enterprises, and robust platform capabilities. The decision was also driven by the desire to continuously monitor security risks and enhance compliance across jurisdictions.
Driving value
The program quickly proved its value. Security researchers uncovered logic flaws and complex chained vulnerabilities, issues that automated tools would not have detected.
“Continuous testing by a global community gave us insights that traditional methods simply couldn’t. It’s like having a 24/7 security lens on our systems.”
By incorporating time-bound bounty incentives during high-impact product launches, Helvetia saw faster vulnerability reporting and higher engagement. The team also leveraged HackerOne’s robust analytics to streamline triage, allocate resources effectively, and prioritize remediation based on risk.
Faster validation
Helvetia also adopted Hai to accelerate vulnerability validation and reduce manual workload. Hai analyzes each report by assigning a credibility score, comparing it against similar submissions, and suggesting CVSS severity and bounty amounts. By surfacing high-impact findings faster, it enables Helvetia’s team to focus on strategic decisions and faster resolution.
Scaling security with HackerOne's researcher network
Our bug bounty program acts as a force multiplier rather than replacing internal efforts. Helvetia’s in-house security team can now focus on strategic initiatives while HackerOne’s community enhances day-to-day vigilance.
“The collaboration between internal experts and ethical security researchers has elevated our program. It’s no longer just about finding bugs – it’s about building a resilient security culture.”
The future of security at Helvetia
Helvetia sees HackerOne as a long-term partner in its cybersecurity strategy. As the organization continues to grow and evolve, the bug bounty program will remain a cornerstone of its efforts to stay proactive, agile, and resilient. With HackerOne’s scalable model, Helvetia can continuously adapt to new challenges and ensure emerging threats are addressed before they impact the business.
The return on investment is clear. By reducing risk, accelerating response times, and reinforcing customer trust, HackerOne has delivered measurable value. “Preventing even a single breach can justify the investment,” said Ulrich Winterer. “But more than that, the program has helped protect our reputation and strengthen our security culture.”
For organizations considering a bug bounty program, Helvetia recommends starting with clear objectives and choosing a trusted, experienced partner. Transparency around program scope and an openness to collaboration with security researchers are key. “A bug bounty program isn’t just a tactical initiative – it’s a long-term commitment to continuous improvement.”
Looking forward, Helvetia plans to expand the program's reach even further. One area of focus will be deeper integration into DevSecOps processes, embedding vulnerability discovery earlier in the software development lifecycle. As security continues to shift left, HackerOne will help Helvetia stay ahead of threats while enabling faster, safer innovation.