India’s ethical hackers now represent the biggest nationality within Bugcrowd’s network of security researchers, according to the firm’s annual report issued yesterday titled of “Inside the Mind of a Hacker.”

The share of the country’s Bugcrowd survey respondents jumped 83 percent from 2019, putting India in first place ahead of the U.S., the vulnerability disclosure service reported. The exponential jump catapulted India into first place with the country being called home by 34 percent of the 3,493 survey respondents from 109 countries, compared with the 26 percent who call themselves Americans. In 2019, the U.S. led with 27 percent, but this year it fell to 10 percent of BugCrowd’s total denizens, who interacted with the platform 7.7 million times.

Among the findings, 18 percent of the researchers regard the work as their full-time job, dedicating up to 14 hours a week to the Bugcrowd platform, and 70 percent of them test web applications.

“Traction among new researchers in emerging markets like India and Bangladesh signal that Bugcrowd’s economy of cybersecurity is advancing at a speed relative to the shadow economy of cybercrime,” the report stated.

While most of the bounty cash earned in 2019 came from organizations in the U.S., South Korea, and Australia, this year the majority of those who collected payments reside in India, U.S., and Canada.

Bugcrowd said it realizes the findings and geographic shift might not be indicative of the world’s entire hacker population, who reside on six of the world’s seven continents.

Yet the report sheds light on ethical hackers’ motivations for why they chose this livelihood at a fairly young age despite their diverse cultural backgrounds.   

Money is definitely a factor with a median of 64 percent of them reporting annual income of $25,000 or less and 21 percent earned between $25,000 and $75,000. Only 1 percent earned over $200,000 and the big money earners were rounded out by 4 percent making $125,000 to $200,000, and another 4 percent at the $100,000 to $125,000. Almost half (47 percent) reported that their Bugcrowd earnings were exceeding expectations.

It’s a young person’s game for the respondents, of whom 53 percent are under the age of 24, 32 percent are 25 to 34 years old, whereas the other fall into 35-44 (9 percent), under 18 years old (4 percent), and over 45 (2 percent). Only a quarter of them report having another occupation unrelated to information technology or security. Nearly two thirds (73 percent) speak two or three languages, and 16 percent speak three or more languages.

Almost half (46 percent) of the bounty hunters ethnically are Asian or Pacific Islander, almost a quarter (24 percent) said they’re Caucasian, almost a fifth (19 percent) said they identified as “Other” ethnically, 5 percent said they were Native American, and 3 percent each for Hispanics and African Americans. Gender-wise, 94 percent identify as male and 6 percent as female.

Bugcrowd’s sample found that these security researchers support large households with 43 percent live with three to eight other people, with 52 percent living with up to 3 other people, and 5 percent nine to 12 other people.

The report provides profiles on five real hackers.