Does the Outsider Help? The Impact of Bug Bounty Programs on Data Breaches
12 Pages Posted: 23 Aug 2021
Date Written: August 20, 2021
Abstract
The ubiquity of digital technology and the increasing amount of data stored in organizational IT systems make cybersecurity a critical issue to many businesses. To harden their systems against data breaches, companies have started to use bug bounty programs to involve outsiders in helping to find potential flaws in their system. However, these programs attract not only benevolent white hat hackers but also malicious black hat hackers. Whether the adoption of a bug bounty is an efficient way to reduce data breaches remains an unanswered empirical question. Our research explores whether the adoption of bug bounty program decreases the number of data breach and how the firm’s risk preference moderates this impact. Surprisingly, we find that the adoption of bug bounty program increases the number of data breaches. However, this impact is moderated by the firm’s risk aversion so that for highly risk averse firms, the adoption of a bug bounty program decreases the number of data breaches. Our research contributes to cybersecurity and crowdsourcing literature and provides useful suggestions to practitioners.
Keywords: bug bounty, crowdsourcing, cybersecurity, outsider
Suggested Citation: Suggested Citation