How to survive below the cybersecurity poverty line

The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy Nather in 2011, and the concept is just as relevant today as it was then (if not more so). It has widely become the benchmark for acceptable cybersecurity, often associated with factors such as company size, sector and disposable income, but also know-how and appetite for recognizing and addressing security inadequacies.

Generally (but not always), those “above” the security poverty line are larger, private-sector businesses with the money, talent pool, and durability required to meet basic but highly important cybersecurity standards. Below it are typically small, young businesses or those that operate in cash- and resource-strapped sectors (though this is not a universal fact).

Being below the security poverty line is unenviable for any organization, because it not only means they are likely to either lack the assets to keep data effectively secure or do not have the ability or inclination to do so, but they can also be prime targets for attackers and cybercriminals. “I see the cybersecurity poverty line as a mechanism for a reality check in all our industry conversations,” Fernando Montenegro, senior principal analyst at Omdia, tells CSO. “From practitioners to vendors, service providers, investors, analysts – all of us need to keep in mind that many organizations have, for a variety of reasons, limitations on how they do cybersecurity. This has profound downstream effects on everything from public policy to contract terms, hiring, and more.”

Who’s below the cybersecurity poverty line?

All types of businesses and sectors can fall below the cybersecurity poverty line for different reasons, but generally, healthcare, start-ups, small- and medium-size enterprises (SMEs), education, local governments, and industrial companies all tend to struggle the most with cybersecurity poverty, says Alex Applegate, senior threat researcher at DNSFilter. “Typically, each of them has very limited budgets, besides additional factors that affect each in different ways.” These include wide, cumbersome, and outdated networks in healthcare, small IT departments and immature IT processes in smaller companies/start-ups, vast network requirements in educational institutions, statutory obligations and limitations on budget use in local governments, and custom software built around specific functionality and configurations in industrial businesses, he adds. Critical National Infrastructure (CNI) firms and charities also commonly find themselves below the cybersecurity poverty line, for similar reasons.

  • There are no suggestions because the search field is empty.
Latest posts
CIO Influence Interview with TK Keanini, CTO of DNSFilter CIO Influence Interview with TK Keanini, CTO of DNSFilter

TK is a leader in technical innovation, specializing in the identification and protection of intellectual properties. With a background in game development and information security, he balances design’s social and technical aspects. Known for his ability to acquire top talent and build high-performing teams at DNSFilter.

Balancing DNS Blocking And Filtering: How To Protect Your Users Without Becoming Big Brother Balancing DNS Blocking And Filtering: How To Protect Your Users Without Becoming Big Brother

The internet can be a double-edged sword. Although it’s obviously opened up worlds of possibility, to put it mildly, it’s also made it easier for harmful material to proliferate and created a whole new industry of scams and cyberattacks. 

DNSFilter Welcomes Cisco Veteran TK Keanini as CTO DNSFilter Welcomes Cisco Veteran TK Keanini as CTO

Industry leader brings customer focus and passion to cybersecurity startup

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.