Priority One Report 2022

Judging by activity on the Bugcrowd Security Knowledge Platform™ in 2021, growth in crowdsourced security carried over from 2020, driven by the shift to hybrid/ remote workplaces and re-imagined supply chains during the global pandemic and the digital transformation that followed.

With the dust starting to settle but the cybersecurity skills gap still in force (with an estimated 2.7 million cybersecurity roles still to be filled at the time of this writing), the data suggests that organizations are increasingly turning to the Bugcrowd platform’s combination of data-driven insights, technology, and human intelligence (including the global security researcher community, aka “the Crowd”) to address, as efficiently as possible, critical bugs they’ve incurred during the digital transformation process.

In the software and financial services sectors in particular, we have seen evidence of increases not only in activity as a function of clearing a long tail of security debt, but also in severity levels and the payouts made to incentivize their discovery.

In its 2021 cybersecurity report, Accenture found that the vast majority of respondents (81%, compared to 69% in 2020) believe that “the cost of staying ahead of attackers is unsustainable.”

We believe that this perception of a losing battle, despite the billions of dollars spent collectively on cybersecurity technology, continued to fuel an interest in more innovative and proactive approaches, such as Bugcrowd, in 2021.

For this 2022 edition of the Priority One Report, we’ve analyzed the large amount of vulnerability data processed by the Bugcrowd Security Knowledge Platform™ throughout the third quarter of 2021 to uncover key insights about these trends, which we expect will continue into 2022. (Note: This time period does not capture the discovery of the massive Log4j vulnerability that was discovered in December 2021.) We also provide our point of view about key risks and policy drivers for security-minded organizations in 2021 based on direct customer experiences.

Finally, we’ve included some highlights from Bugcrowd’s complementary flagship report, Inside the Mind of a Hacker 2021.