Google has announced it paid a record-breaking $6.5 million through its Vulnerability Reward Programs in 2019.

Google’s VRPs rewards security researchers who find and report bugs so the company can address them. According to the company, 2019’s payout doubled what had been paid in any previous single year.

Programs such as this have become a critical tool for companies in the fight against hackers and cybercriminals. By relying on security researchers and “white hat” hackers, companies hope to find security vulnerabilities and bugs before cyber criminals, or “black hats.”

According to Google, “since 2010, we have expanded our VRPs to cover additional Google product areas, including Chrome, Android, and most recently Abuse. We’ve also expanded to cover popular third party apps on Google Play, helping identify and disclose vulnerabilities to impacted app developers. Since then we have paid out more than $21 million in rewards.”

Although $6.5 million is a sizable amount, it pales in comparison to the cost of an exploited security vulnerability or data breach. In fact, according to a study sponsored by IBM Security, the average cost of a single data breach is $3.92 million. In view of the number of bug fixes that $6.5 million facilitated, it seems like quite the bargain.