The global cybersecurity market was pegged at $152 billion in 2018, and it’s expected to grow to $250 billion within a few years. Rarely does a day go by without some form of data breach, hack, or other security lapse hitting the headlines. No matter how much companies invest to ensure their products ship glitch-free, there will likely be some kind of weakness in their systems that makes them susceptible to infiltration.

Against this backdrop, bug bounty platform HackerOne today announced that it has raised $36.4 million in a series D round of funding led by Valor Equity Partners, with participation from Benchmark, New Enterprise Associates, Dragoneer Investment Group, and EQT Ventures, among others.

Founded in 2012, San Francisco-based HackerOne is a platform that connects companies with security researchers or “white-hat hackers,” who receive cash incentives to find and report security glitches in software applications.

On top of the bounty paid to a person or people who find and report a bug, HackerOne charges companies a 20% commission. The company said the average amount of money shelled out to white-hat hackers for critical vulnerabilities is now $3,384, up 48% year-on-year (YoY), with six members of the HackerOne community surpassing $1 million in total lifetime earnings this year. Moreover, it said that 100 hackers earned more than $100,000 in bounties in 2018, with a total of $19 million doled out in the whole of last year.

Big business

Back in June, two Florida cities collectively paid more than $1 million in Bitcoin ransoms to hackers after cyberattacks compromised data and disabled critical computer systems. This helps illustrate the appeal app and database vulnerabilities hold for bad actors — it’s not just about stealing data, as ransomware attacks can also prove extremely lucrative.

Moreover, we’re fast approaching a time when every company is effectively a software company, which means more targets for cybercriminals. This is why investors are keen to back bug bounty platforms such as HackerOne and its San Francisco rival Bugcrowd, which raised a $26 million tranche of funding last year.

“HackerOne is leading a new wave of cybersecurity companies tackling the unique challenges brought on by rapid growth and more sophisticated attack surfaces,” said Valor Equity Partners’ David Obrand, who now joins HackerOne’s board of directors. “Hacker-powered security is here to stay, and with its tremendous customer and hacker community, HackerOne is dominating the market.”

HackerOne claims some big-name clients, including Alibaba, Airbnb, the U.S. Department of Defense, Dropbox, Goldman Sachs, Intel, Starbucks, Spotify, Nintendo, PayPal, Toyota, Twitter, and many others. According to the company, a white-hat hacker connects with a company through HackerOne once every minute of the day, and in more than three-quarters of new bug bounty programs, a valid vulnerability is reported within a day. One-quarter of those, according to HackerOne, are deemed to be of “high” or “critical” severity.

“HackerOne was founded to empower the world to build a safer internet,” added HackerOne CEO Marten Mickos. “Our business growth has outpaced the market, and with increased adoption by some of the world’s leading organizations, from financial services, retail, hospitality, and more, now is the time to make the HackerOne community and platform available to all organizations, globally, that rely on software.”

HackerOne had previously raised around $74 million, including its $40 million series C round back in 2017, and with a fresh $36.4 million in the bank, the company plans to expedite global expansion and scale its “enterprise and data-powered offerings,” according to a statement.

“This new round of funding enables us to bring hacker-powered security to everyone,” Mickos added.

Sign up for Funding Daily: Get the latest news in your inbox every weekday.