The tech sector breathed a sigh of relief when the Federal Reserve confirmed its bailout of Silicon Valley Bank (SVB). SVB’s client base of big tech and scrappy startups would survive to do business for another day. However, this doesn’t mean the end of the tech industry’s troubles. Security experts have speculated in a Dark Reading article that the bank’s collapse potentially signals a slowdown in investment in cybersecurity startups: “Financial support in the form of lines of credit and venture debt is going to become much more difficult [for startups] to come by,” said Rob Ackerman, founder and managing director of AllegisCyber Capital. “SVB was the leading source of that financing and with them gone, the slope of the hill for young startups just became that much more difficult.”
A potential slowdown in investment in cybersecurity startups poses a risk beyond a financial meltdown: a lack of innovation in the security industry will drive down our overall resistance to attack. Had our HackerOne founders been unable to secure the funding that allowed HackerOne to grow to serve thousands of organizations – from tech enterprises and national governments to start-ups and banks – the internet would be a far less safe place for those organizations, and for the hackers themselves.
Cybersecurity needs innovation. We can’t afford to slow down; cybercriminals jump on opportunities like a financial crisis to find new ways to take advantage of cash-strapped businesses and individuals. Regulatory Data Corp said it saw cybercrime rise by an average of 40% for the two years following the last recession’s 2009 peak. The FBI also noted an increase in cybercrime during the same period. Cybercrime also increased during the Covid-19 pandemic, with Interpol reporting a significant target shift from individuals and small businesses to major corporations, governments, and critical infrastructure.
Ethical hackers are our best solution to match the ingenuity and inventiveness of cybercriminals. And with organizations facing headcount and budget reductions, enormous pressure exists to do more with less. A full-time pentester could cost an organization as much as $250,000 a year. For the same price, you could get access to hundreds or thousands of hackers with a hugely diverse range of expertise, knowledge, and approaches to test your defenses. A hacker submits a vulnerability report to the HackerOne platform every 2.4 minutes, and 28.9% of our pentests receive a report within the first day of launch. New customer programs received an average of four high or critical valid vulnerability reports in the first month.
Bias persists, along with the misconception that including hackers in your cybersecurity strategy is risky. However, if the most risk-averse organizations use hackers, you should too. The U.S. Department of Defense became the front-runner in realizing the need for an outsider mindset to protect national security. Since the launch of Hack the Pentagon in 2017, hackers have uncovered more than 45,000 vulnerabilities for the DoD.
Asking hackers to secure government organizations might have sounded crazy initially, but now the U.S., Singapore, and U.K. Ministries of Defense rely on hacker insights to strengthen national security. It’s once-in-a-lifetime ideas like this that we need to stay on top of ever-growing cyber threats. The ideas that will continue to secure investment dollars will be those addressing the most significant requirements organizations have: speed and cost. However, keeping up with cybercriminals while managing budget constraints might mean stepping outside of your comfort zone and testing something new. The comfort zone was created for your organization by vendors eager to have an easy source of high-margin revenue. Their margin is your opportunity to do things in a more efficient way and support true security innovation.
The potential economic downturn challenges even the most successful of organizations. Across the board, companies face headcount and budget cuts, and security teams must do more with less. Over the coming weeks, stay tuned for more on this topic based on conversations with our customers and hackers about how to get more security for your cybersecurity budget and demonstrate success to your leadership.
I’d love to hear more about your challenges and plans to secure the coming year. Let’s meet at RSA in April and share how you see the economic climate impacting our industry.