How to survive below the cybersecurity poverty line

The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy Nather in 2011, and the concept is just as relevant today as it was then (if not more so). It has widely become the benchmark for acceptable cybersecurity, often associated with factors such as company size, sector and disposable income, but also know-how and appetite for recognizing and addressing security inadequacies.

Generally (but not always), those “above” the security poverty line are larger, private-sector businesses with the money, talent pool, and durability required to meet basic but highly important cybersecurity standards. Below it are typically small, young businesses or those that operate in cash- and resource-strapped sectors (though this is not a universal fact).

Being below the security poverty line is unenviable for any organization, because it not only means they are likely to either lack the assets to keep data effectively secure or do not have the ability or inclination to do so, but they can also be prime targets for attackers and cybercriminals. “I see the cybersecurity poverty line as a mechanism for a reality check in all our industry conversations,” Fernando Montenegro, senior principal analyst at Omdia, tells CSO. “From practitioners to vendors, service providers, investors, analysts – all of us need to keep in mind that many organizations have, for a variety of reasons, limitations on how they do cybersecurity. This has profound downstream effects on everything from public policy to contract terms, hiring, and more.”

Who’s below the cybersecurity poverty line?

All types of businesses and sectors can fall below the cybersecurity poverty line for different reasons, but generally, healthcare, start-ups, small- and medium-size enterprises (SMEs), education, local governments, and industrial companies all tend to struggle the most with cybersecurity poverty, says Alex Applegate, senior threat researcher at DNSFilter. “Typically, each of them has very limited budgets, besides additional factors that affect each in different ways.” These include wide, cumbersome, and outdated networks in healthcare, small IT departments and immature IT processes in smaller companies/start-ups, vast network requirements in educational institutions, statutory obligations and limitations on budget use in local governments, and custom software built around specific functionality and configurations in industrial businesses, he adds. Critical National Infrastructure (CNI) firms and charities also commonly find themselves below the cybersecurity poverty line, for similar reasons.

  • There are no suggestions because the search field is empty.
Latest posts
DNSFilter Extends Partnership with DCC Netherlands BV in Benelux Region DNSFilter Extends Partnership with DCC Netherlands BV in Benelux Region

Distribution relationship offers DNS security to regional MSPs, partners and businesses

DNSFilter's Guardian VPN Now Available with eero Plus for FireOS and Android DNSFilter's Guardian VPN Now Available with eero Plus for FireOS and Android

WASHINGTON, D.C. – April 2, 2024 – DNSFilter announced today that its VPN product, Guardian, was recently added toeero’s premium subscription,eero Plus, for FireOS and Android devices in addition to support on iOS. Guardian’s VPN is easy for customers to install and helps provide browsing security and privacy to consumers if they are away from their networks. 

Protective DNS is the No-Brainer Fix to Safer Public Wi-Fi Protective DNS is the No-Brainer Fix to Safer Public Wi-Fi

As guest and public Wi-Fi services grow in speed, quality, and popularity – in part driven by poor 5G indoor coverage – the issue of Wi-Fi security once again looms large. DNSFilter says four out of five security breaches involve DNS, and that both malware and phishing is sharply on the rise. The company offers an elegant solution to block out the majority of malicious actors on public Wi-Fi networks. 

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.