As Economy Slows, Headcount and Resource Cuts Harm Security Teams’ Ability to Combat Threats

HackerOne Research Reveals Cybersecurity Budget Reductions and Team Layoffs Continue as Vulnerabilities Rise, Potentially Leaving Organizations More Vulnerable to Attack

SAN FRANCISCO, April 19, 2023 – HackerOne, the leader in human-powered security, today announced the results of research revealing that half of organizations experienced an increase in system vulnerabilities in the last year, as many face security budget cuts and layoffs. Sixty-seven percent of companies also reported these reductions negatively impact their ability to handle cybersecurity issues effectively. The overall findings illustrate the importance of prioritizing highly integrated solutions to optimize limited cybersecurity resources and ensure attack resistance. 

In light of a slowing economy, key findings include:

• Organizations remain concerned about financial and brand reputation damage as vulnerabilities rise. In the last 12 months, half of organizations saw an increase in system vulnerabilities, and a majority are concerned about both financial (84%) and reputation/brand damage (83%) from breaches. 
• However, companies still plan to, or have already, conducted layoffs and budget cuts affecting security teams. In the last 12 months, 39% of companies have made security headcount cuts, and 40% plan to make them in the next 12 months. Thirty-four percent of companies have also made security budget cuts, with approximately one-quarter planning to make them in the next 12 months.
• Companies waste precious dollars due to inefficiencies in their tech stack and software development lifecycle (SDLC) security processes. One-third of organizations admit they waste money finding software vulnerabilities too late in the SDLC, and 43% still view cybersecurity as an innovation blocker when building software. 

Thirty-seven percent of companies also reported that while AI and automation can be somewhat relied upon, humans are still needed to discover the highest-risk vulnerabilities. Hackers can fill the gaps automation leaves behind by identifying unknown assets internal teams don’t know to scan for and zero days — or novel vulnerabilities — that automation fails to detect. Hackers also produce high-impact vulnerability reports that provide internal teams with necessary context to prevent reproducing the same problems. HackerOne customers can now benefit from a suite of human-powered security solutions under one Attack Resistance Platform. The platform provides a unified, preemptive security solution to protect applications from cybercriminal exploits. 

“Vendor optimization reduces risk and delivers efficiencies — especially in an economy where every dollar counts. Ethical hackers employ an adversarial approach that ensures customers pinpoint the most critical vulnerabilities, without sifting through mountains of data or incomplete reports from different point solutions,” said HackerOne Chief Operating Officer Mahesh Chukkapali. “Our customers can now effectively scale their security testing efforts with the Attack Resistance Platform and on-demand, highly skilled experts that deliver a full spectrum of adversarial application testing from attack surface management to bug bounty.” 

For more information about HackerOne’s Attack Resistance Platform, visit https://www.hackerone.com/product/overview. To learn more about what the platform is achieving for customers, visit RSA Conference 2023 booth N-6279, April 24-27. 

The CensusWide survey was conducted from March 29-31, 2023. The nationwide online survey gathered insights from 100 U.S. cybersecurity professionals aged 18 and up at companies with 10 or more employees.

About HackerOne

HackerOne closes the security gap between what organizations own and what they can protect. HackerOne's Attack Resistance Management blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the ever-evolving digital attack surface. This approach enables organizations to transform their business while staying ahead of threats. Customers include Citrix, Coinbase, Costa Coffee, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Microsoft, PayPal, Singapore’s Ministry of Defense, Slack, the U.S. Department of Defense, and Yahoo. In 2021, HackerOne was named a ‘brand that matters’ by Fast Company.