Each blog in the series “Breaking Down the Benefits of Hacker-Powered Pentests” has focused on one of the key findings in Forrester Consulting’s report The Total Economic Impact Of HackerOne Challenge: Improved Security And Compliance.
This blog looks at the dollar savings customers realize when they switch to HackerOne from traditional penetraton testing firms.
Bottom line: companies that move to HackerOne for their pentesting needs save money. In their interviews, Forrester found that how each company managed the savings varied. In some cases, they took it to the bank, so to speak, and reinvested it in other areas. Other companies used the savings to run more hacker-powered pentests with HackerOne to bring even more systems into compliance.
To net it out, Forrester constructed a composite financial model based on their customer interviews that any company can use to understand how much they stand to save.
Over a three-year horizon, Forrester calculated benefits of $541,577 versus costs of $252,127, delivering a net present value savings of $289,450, ROI of 115%, and a payback period of fewer than 6 months.
Quotes from the customers interviewed by Forrester provide additional color:
“Every $1 we spend on HackerOne pentesting would have meant $5 in the past for other pentesting and auditors.”
“HackerOne is a much better cost model than red-team pentesting. It is far cheaper to run bug bounties than do traditional pentesting. And you get much better results.”
“If you break it down as bounty payouts compared to the quality of vulnerabilities found and time saved, HackerOne is a much better ROI compared to traditional pen testing companies.”
Whether you need to comply with PCI DSS, SOC2 Type 2, or HITRUST, if you’re still working with a traditional penetration testing firm, chances are you’re paying too much and missing vulnerabilities.
Download your free copy of Forrester’s “The Total Economic Impact Of HackerOne Challenge: Improved Security And Compliance” for all the detailed calculations and to learn how HackerOne can help you comply with regulations faster and with less internal effort, all while improving security.