Does the Outsider Help? The Impact of Bug Bounty Programs on Data Breaches

12 Pages Posted: 23 Aug 2021

See all articles by Aleksi Aaltonen

Aleksi Aaltonen

Stevens Institute of Technology - School of Business

Yiwen Gao

Temple University - Department of Management Information Systems

Date Written: August 20, 2021

Abstract

The ubiquity of digital technology and the increasing amount of data stored in organizational IT systems make cybersecurity a critical issue to many businesses. To harden their systems against data breaches, companies have started to use bug bounty programs to involve outsiders in helping to find potential flaws in their system. However, these programs attract not only benevolent white hat hackers but also malicious black hat hackers. Whether the adoption of a bug bounty is an efficient way to reduce data breaches remains an unanswered empirical question. Our research explores whether the adoption of bug bounty program decreases the number of data breach and how the firm’s risk preference moderates this impact. Surprisingly, we find that the adoption of bug bounty program increases the number of data breaches. However, this impact is moderated by the firm’s risk aversion so that for highly risk averse firms, the adoption of a bug bounty program decreases the number of data breaches. Our research contributes to cybersecurity and crowdsourcing literature and provides useful suggestions to practitioners.

Keywords: bug bounty, crowdsourcing, cybersecurity, outsider

Suggested Citation

Aaltonen, Aleksi and Gao, Yiwen, Does the Outsider Help? The Impact of Bug Bounty Programs on Data Breaches (August 20, 2021). Fox School of Business Research Paper , Available at SSRN: https://ssrn.com/abstract=3908761 or http://dx.doi.org/10.2139/ssrn.3908761

Aleksi Aaltonen (Contact Author)

Stevens Institute of Technology - School of Business ( email )

Hoboken, NJ 07030
United States

Yiwen Gao

Temple University - Department of Management Information Systems ( email )

1810 N. 13th Street
Floor 2
Philadelphia, PA 19128
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
307
Abstract Views
941
Rank
201,668
PlumX Metrics