Well thats not completely true. Those who hack without any consent/permission may get into trouble and can be treated a illegal activities.

Organizations hire hacker directly or through some trusted platform like Hackerone, bugcrowd etc and allow then to find weaknesses in their network by performing penetration testing and hacking.