September 8, 2022 By C.J. Haughey 4 min read

In cybersecurity, there are the haves and have-nots. For the latter, improving their security posture to defend against threats is rarely straightforward. While attackers become more high-tech, the gap between ‘the cyber 1%’ and those companies below the ‘cybersecurity poverty line’ grows wider. That poses a threat to all companies.

What is the cyber poverty line? Why does it matter to your business, and what can you do to protect yourself?

What is the cyber poverty line (CPL)?

The cyber poverty line (CPL) is a threshold that divides all organizations into two distinct categories: those that are able to implement essential measures well and those that are unable.

Wendy Nather, head of advisory CISOs at Cisco, first coined the concept in 2011. Since then, Nather’s theory has been widely adopted as the benchmark for acceptable cybersecurity posture. Chris Krebs added the concept of a ‘cyber 1%’ in a talk at a Gartner conference in 2020.

The cyber 1% are the most capable and actively able to defend against threats, regardless of their industry. These companies possess the resources, culture and structure to maintain an elite security posture well-matched with attackers.

For other companies, getting above the cybersecurity poverty line should be the minimum standard. If they don’t, they remain exposed to a breach and the damaging impact of such an attack on their data security, budget and company reputation.

The difference between the cyber 1% and the rest

To understand what separates those on either side of the line, let’s consider six key factors:


Thriving enterprises are attractive targets for attackers, even more so those in the financial sector (for obvious reasons). However, there is no hard and fast rule here. Attackers also target smaller businesses with more modest revenues.

  • The cyber 1%: Tend to have larger revenues, enabling greater investment.

  • Those below the CPL: More modest revenue, with smaller profits.


Without a sufficient IT budget, you will run into problems. Regardless of your revenue and profit, it’s essential to invest enough to build robust security programs and train teams to manage them.

  • The cyber 1%: Spend heavily on recruitment, training and employee training, as well as investing in the latest tech and infrastructure.

  • Those below the CPL: Tend to make do with aging software and hardware, often run by overstretched teams that don’t have enough time or resources.


“It really takes a village to make progress,” explains John Hammond, a senior security researcher at Huntress. “We know that attackers are collaborating and sharing threat intel, so the industry should, too.”

  • The cyber 1%: Aims to increase diversity in the company skillset so they can leverage the threat intelligence of multiple seasoned workers.

  • Those below the CPL: Face regular challenges due to knowledge gaps or skills shortages.


A security operations center (SOC) assures your company round-the-clock protection. However, not every organization has the resources to build its own or even manage a credible freelance SOC.

  • The cyber 1%: Develop an in-house SOC that is customized to their needs — including seasoned SOC analysts and powerful tools like SIEM.

  • Those below the CPL: Lack the resources and structure for an in-house SOC. Even if they outsource it, some may struggle to stay one step ahead of attackers.


The chief information security officer (CISO) is the executive leader who oversees information and data security.

  • The cyber 1%: Has a CISO to manage the IT budget, oversee security training and awareness programs and ensure the company can safeguard against known attacks.

  • Those below the CPL: Lack a CISO or experienced security professional to drive IT investment or correctly prioritize the allocation of cybersecurity resources.


If employees are more aware of the threat landscape, they will be less likely to fall prey to attacks.

  • The cyber 1%: Nurtures a company-wide culture of security by training employees on best practices.

  • Those below the CPL: Don’t openly share and talk about cybersecurity, which means employees have less power to contribute.

How to rise above the cybersecurity poverty line

While budget and investment are huge factors in whether a company can reach the cyber 1%, those with limited capital can still develop a healthy posture that puts them above the CPL.

Here are five steps to improve your standing.

Invest more

As your revenue grows, try to allocate more of your budget to safeguard your data, infrastructure and financial accounts. Small steps can have a big impact, like these:

  • Make multi-factor authentication and virtual private networks essential on all devices
  • Develop reporting systems so everyone can flag issues at an early stage
  • Conduct regular meetings to share information.

Empower every employee

When attackers look for entry points, they can exploit any credential or device. Every single endpoint is a potential chink in a company’s armor. To combat this threat, every employee must become their own line of defense.

Some ways you can help your team:

  • Provide training on how to spot common attacks, like phishing emails
  • Encourage safe browsing best practices, such as using a password manager
  • Send a company-wide email newsletter with tips on personal security.

Tailor training delivery to suit your needs

The challenge for many companies is the lack of time or resources to educate employees. Trying to upskill teams while running a business can lead to burnout.

Here’s a flexible solution that you can use if you can’t afford to hire security workers with specific skill sets:

  • Focus on your current team with a rotation approach to training
  • Train one team for short bursts, like a few days or a week, while other teams continue with day-to-day business
  • Continue to rotate, so there is always one team focused on upskilling. As you rotate training groups, the company’s awareness and defense capabilities will grow.

Adopt user-friendly tools

The mission becomes easier when you have the right tools:

  • Choose unified software platforms rather than a large stack of point solutions
  • Look for intuitive programs that are easy for end-users to set up and learn
  • Avoid complex software that requires specialist personnel to operate.

Embrace zero trust

The zero trust framework assumes your business is always at risk. With this approach, companies implement strict rules for authentication, authorization and validation for all network traffic. In turn, this model offers greater protection for corporate data.

Bring people, processes and technology together

Jeetu Patel, Cisco EVP for security and collaboration, says cybersecurity measures will soon reach human-rights issue status. For now, organizations must focus on what they can do internally to get above the security poverty line.

The critical thing to realize is that cybersecurity poverty doesn’t just impact organizations with low cash flow. Simply providing money will not address other underlying factors, like a disconnected tech stack or siloed company structure that doesn’t openly discuss security issues.

In the end, a strong culture of security education and teamwork underpins the success of a company’s approach. Even if you lack the financial resources of the cyber 1%, astute investment in uniting people, processes and technology can help you establish a clear framework for cyber resilience.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today