Cyber-attacks are rising at a significant and highly concerning rate, with the UK National Cyber Security Centre (NCSC) handling an average of four ‘nationally significant’ attacks every week throughout 2025.
According to the NCSC Annual Review 2025, a substantial proportion of all cybersecurity incidents handled over the last 12 months were linked to advanced persistent threat (APT) actors – either nation-state actors or highly capable criminal groups.
This is perhaps no surprise, with state-sponsored campaigns perpetrated by groups such as Midnight Blizzard in Russia seeing notable rises in 2025, many of which exploited identity layers and cloud collaboration tools for persistence.
In response, the NCSC continues to work across both public and private sector organizations, including local authorities and operators of critical national infrastructure, to strengthen defensive posture and improve national cyber resilience.
In practice, many security leaders are being asked to modernize defenses while operating legacy estates, constrained procurement cycles and persistent hiring gaps.
The mandate to digitize services has accelerated; the security capacity to support that shift has not always kept pace.
New Government Investment is Welcome
According to a recent report from IBM, the average cost of a security breach totaled $2.86m in 2025. As such, news that the UK government is looking to implement a £210m investment into public sector cyber defense couldn’t be more welcome at this time.
Recently in December 2025, a major cyberattack on Kensington and Chelsea Council potentially compromised the personal information of hundreds of thousands of residents, including sensitive data that could increase exposure to fraud and social engineering.
The Growing Role of Crowdsourced Security
With such high stakes, public sector organizations need to adopt robust new measures to protect both themselves and the data they hold, particularly as the push to digitize public services continues to gather pace.
In order to achieve this, many are beginning to explore crowdsourced security. This aligns with the broader shift toward Continuous Threat Exposure Management (CTEM), where organizations focus on continuously identifying and validating exposures across their attack surface rather than relying on periodic point-in-time testing.
Crowdsourced Security Explained
At its core, crowdsourced security extends an organization’s security capability beyond its internal team by engaging a vetted global community of researchers to identify vulnerabilities continuously, not just during scheduled assessments.
Data from the Hacker Powered Security Report indicates that more than $3 billion in mitigated losses were mitigated in the past year through structured programs such as bug bounties, VDPs and pentest-as-a-service engagements.
Making Crowdsourced Security Work
Finding success with crowdsourced security begins with CISOs defining the scope and goals of their program, then connecting with the community of security researchers. After launching the program, they will receive and review reports to address confirmed vulnerabilities. From there, they can choose to refine or expand the program as necessary over time.
Key Benefits of Crowdsourced Security
Crowdsourced security offers a number of benefits over traditional tactics performed by internal security teams, many of which are under-resourced in the public sector. Some of these include:
- Access to diverse, global talent: Crowdsourced security taps into a worldwide network of security researchers with varied backgrounds and expertise, including experience with AI-model security and data privacy issues. This diversity means vulnerabilities are found from multiple perspectives, covering much more ground than a single in-house team could in the same amount of time
- Simulates real-world attacks: Unlike automated tools or checklist-based assessments, crowdsourced researchers think and act like real adversaries. They use creativity, novel attack chains, and non-standard techniques, making the testing more representative of actual threat scenarios
- Scalability and flexibility: Organizations can quickly scale testing up or down as needed, adding or refining methods, whether for a quick, focused assessment or a continuous, always-on vulnerability hunt. This flexibility supports both agile development cycles and long-term security programs, adapting to specific organizational goals
- Faster discovery and remediation: With multiple researchers testing simultaneously, vulnerabilities are often found faster than in traditional security engagements. This speed shortens the window of exposure and allows teams to remediate before threats are exploited by actual malicious actors
- Quantifiable security ROI: Metrics like vulnerabilities found, mitigated losses by vulnerability type, and criticality levels are valuable in quantifying the investment compared to the cost of a proactive crowdsourced security program. Return on Mitigation (RoM) is a specific framework designed to help demonstrate the program’s tangible value to leadership and boards
Many Hands Make Light Work
As cybercrime continues to rise at an exponential rate, organizations find themselves in the eye of the storm. A convergence of legacy architecture, under-resourced in-house security teams and tight budget constraints makes them prime targets for well-organized threats increasingly looking to exploit the sensitive information they hold.
Crowdsourced security is not a replacement for internal teams. It is a strategic extension of them, enabling public sector organizations to surface risk earlier, remediate faster, and build resilience at a pace aligned with today’s threat landscape.
Crucially, this model allows organizations to align testing intensity with risk exposure — increasing scrutiny during major digital transformation initiatives while maintaining continuous oversight of critical systems.
