New HackerOne Research Reveals How The Top 15% of CISOs Gain the Security Edge
SAN FRANCISCO, July 29, 2025 – HackerOne, the global leader in offensive security solutions, today released a new research report, The 15% Advantage: How High-Performing CISOs Leverage Crowdsourced Security, spotlighting how a group of high-performing security leaders are creating an advantage for their business by fully leveraging crowdsourced security.
While nearly 94% of CISOs are familiar with crowdsourced security, the report identifies a striking gap: only 15% are unlocking its full potential through the comprehensive adoption of its three main services: bug bounties, vulnerability disclosure programs (VDPs), and third-party pentesting. There are clear increases in efficacy when all three work together. Findings show that 73% of CISOs who use crowdsourced security find it effective at identifying and eliminating vulnerabilities—but that number jumps to 89% for those deploying all three core elements in tandem.
“Crowdsourced security isn’t new. But leading with it in the age of AI is what sets today’s top CISOs apart,” said Kara Sprague, CEO of HackerOne. “As AI expands the enterprise attack surface and raises the stakes for rapid response, human ingenuity and outside perspective are more essential than ever. Organizations seeing the most value engage the global community of independent security researchers for responsible vulnerability disclosure, bug bounty, and pentesting across their digital assets and AI systems. This is about moving beyond experimentation and point solutions—toward a proactive, integrated approach.”
The report is based on a global survey of 400 CISOs from large organizations spanning 13 industries. The report highlights the evolving role of the CISO in today’s complex business environment, as 84% of CISOs are now responsible for AI safety, and 82% now oversee data privacy.
With offensive security increasingly becoming a board-level priority for enterprises, The 15% Advantage report addresses the beliefs that have slowed broader adoption, and highlights the advantage of crowdsourced security and its ability to find issues that internal teams miss.
Read the report to learn how high-performing CISOs are leveraging crowdsourced security to stay ahead of tomorrow’s risks.
About HackerOne
HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We are trusted by industry leaders like Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.