Bug bounty platform Bugcrowd has raised $30 million in a series D round of funding led by Rally Ventures. The announcement comes as the cybersecurity industry struggles with a growing skills gap, compounded by a rising number of cyberattacks that could cost the industry $6 trillion by 2021. This figure may rise even further if the recent shift to remote working becomes a more permanent trend. Cybersecurity officials from the U.S. and U.K. have warned that state-backed hackers and online criminals are taking advantage of the COVID-19 outbreak, using people’s anxiety to lure them into clicking on links and downloading attachments.
Founded in 2012, San Francisco-based Bugcrowd is one of a number of crowdsourced bug bounty platforms that connect companies with “white hat hackers” to find and fix vulnerabilities for a fee. Bugcrowd claims a number of high-profile customers, including Twilio, Etsy, Tesla, Cisco, Pinterest, Atlassian, and Sophos.
Bugcrowd’s platform offers instant access to additional cybersecurity capacity, and its bug hunters have always worked remotely, so the company is ready for the demands of remote working.
“Crowdsourced security platforms are built to simultaneously enable a remote workforce and help organizations maximize their security resources while benefiting from the intelligence and insights of a ‘crowd’ of security researchers,” Bugcrowd CEO Ashish Gupta told VentureBeat. “In the current environment, a lot of companies don’t have the required resources to secure and test remote environments where the majority of business is now taking place.”
According to Gupta, the rapid shift to remote work has driven increased demand for its platform, including an increase in customers looking for experts to test environments and provide advice on how to better secure data. In March, when many countries went into lockdown, Bugcrowd said it saw a 20% increase in vulnerability submissions compared to its previous record.
As with other companies and industries that have seen a boom in demand from the COVID-19 crisis, it’s too soon to say whether things will continue for Bugcrowd once the pandemic passes. However, any demand spike that can be attributed to the recent rise in remote working is actually set against a broader upward trajectory, which the company said led to “record year-over-year growth,” including a 100% increase in the North American enterprise market.
“For many companies around the world currently, remote work is the new normal,” Gupta said. “This means organizations are quickly working to adapt business models and processes to securely enable their workforce. We believe that organizations that resisted remote working arrangements in the past will reconsider their position once the crisis starts to recede, given the cost and productivity benefits.”
Bugcrowd had previously raised nearly $50 million, including a $26 million round two years ago, and its fresh cash injection will allow it to accelerate the expansion of its crowdsourced security platform. The raise also comes shortly after rival HackerOne secured an extra $36 million in financing and recently revealed that it had paid out around $40 million in bounties in 2019, roughly equal to the total paid out for all previous years combined. In January, Google announced that is had paid security researchers more than $21 million for bugs they found, nearly a third of which came in 2019 alone.
The appetite for bug bounty programs is clearly growing, and as cybercriminals adapt their methods to the new environment, companies will have to adapt too.