Hackers Have More Earning Potential Than IT Pros, Bounty Program Report Finds

(Image credit: Shuttterstock)

HackerOne, which focuses on buy bounty solution, released the 2020 Hacker Report earlier this week, and for this year's installment it highlighted the increasing viability (or at least a decent source of supplemental income) associated with hacking as a career. 

Let's begin with a caveat. Of course HackerOne would promote hacking as a viable way of making some money. It operates a platform through which other companies are able to run bug bounty programs that pay researchers for new vulnerabilities. We doubt it would actively discourage people from pursuing that line of work.

That being said, HackerOne did at least explain why it believes hacking is becoming more lucrative in its 2020 Hacker Report. It said people earned nearly $40 million via its platform in 2019, which is the most it's seen to date, and that seven hackers each brought in $1 million a piece for the vulnerabilities they found. According to the report, the "potential earnings power" of a hacker is "well above today's global average IT salary of $89,732." 

HackerOne also said that 78% of its platform's members are "using their hacking experience to help them find or better compete for a career opportunity," (which, honestly, sounds a bit ominous). It added that "nearly 40% of hackers devote 20 hours or more per week to their search for vulnerabilities" and that 18% do so full-time.

This growth makes sense. Companies have become increasingly willing to run public bug bounty programs so they can better secure their products in recent years. See: Apple starting a public bug bounty program, Google paying out more via its programs each year and Microsoft introducing more programs, among other things.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • USAFRet
    "and that seven hackers each brought in $1 million a piece for the vulnerabilities they found. "

    7 high earners and the rest peons.
  • Pat Flynn
    "The sky has the potential to monsoon and flood my property"... and how often does that happen?
  • bit_user
    USAFRet said:
    7 high earners and the rest peons.
    Pretty much. I'm sure there's more than another seven that make between $1M and their figure of $90k.

    But, it's still going to be probably no more than a couple % that make most of the money, and the rest of them competing for table scraps. And a lot of them will be putting in a good deal more than 40 hours/week at it.

    However, it's probably not a bad way to get some exposure to real-world security problems, if your ambition is to eventually get a salaried position in the industry.