A study by the security platform HackerOne reveals that there are sometimes striking contrasts between the goals of digital security and its implementation in companies. […]
At the same time, the company is publishing its appeal for corporate responsibility in terms of cybersecurity. The aim of the appeal is to create a safer Internet for all by calling for an increased commitment to transparency and a positive culture with regard to cybersecurity. Several large international companies such as TikTok, Wix, SCYTHE, Starling Bank and GitLab have already pledged their support and are working with HackerOne.
According to the study, companies want to improve security in the face of increasing cyber attacks. 63 percent of the security experts surveyed said that cybersecurity best practices are just as important as cost when choosing a supplier. In addition, 62 percent of the security managers surveyed stated that they would change their provider in the event of a data breach at a supplier.
Customer losses due to security incidents
Companies are increasingly examining the security practices of their suppliers and attach great importance to a high level of security. However, there is a discrepancy between the corporate culture and the handling of security problems in one’s own company. Despite an increased focus on the topic of security, more than half of the respondents state that it is difficult for them to establish a security culture in their company. In addition, 53 percent confirm that they have lost customers as a result of a security breach.
When it comes to modernizing and introducing new cybersecurity practices, many respondents are also reluctant: a full 67 percent of companies confirm that they would rather accept software vulnerabilities than work with hackers – in Germany, however, only 54 percent share this view.
Another focus of the investigation was how companies handle their own security vulnerabilities. According to the study, 64 percent of companies state that they maintain a culture of security through secrecy about their own security measures (“security by obscurity”), and 38 percent – in Germany even 44 percent – therefore do not talk openly about their cybersecurity practices. In addition, two out of three of the security experts surveyed (65 percent) admitted that security is regarded as an obstacle to innovation in their company – among German companies this was the case for only 49 percent.
To address these grievances, HackerOne has now published its appeal and calls on organizations around the world to improve their handling of cybersecurity and to campaign for more transparency in this regard.
The call focuses on four key areas and calls on all organizations to take a number of measures:
- Promote industry-wide transparency to build trust and share information
- Foster a culture of industry-wide collaboration that empowers all companies to take charge of reducing cyber risks
- Promote innovation by encouraging development teams to develop safe products and bring them to market faster
- Oblige your own company and suppliers to comply with best practices in order to make safety a distinguishing feature
“Security can determine the success or failure of initiating new business,” says Marten Mickos, CEO of HackerOne. “With their commitment to corporate security responsibility, GitLab, TikTok, Wix, SCYTHE and Starling Bank recognize that transparency and cooperation in cybersecurity represent a competitive advantage. The growing partner network offers support and advice from industry experts who focus on strengthening cybersecurity worldwide. By committing to this appeal, companies supplement their foundation and culture with the aspect of transparency.”
Johnathan Hunt, VP of Security at GitLab, explains why the company has joined the appeal: “For GitLab, transparency is a living practice. This makes our software more secure, and we can work better together and be innovative. The corporate security call from HackerOne therefore corresponds in particular to our values. We are pleased to be one of the first partners to publicly commit to these values. We also encourage other organizations to learn about the benefits of complying with Corporate Security Responsibility (CSecR) obligations and look forward to being part of a more secure and productive software ecosystem.”