In cybersecurity, there are the haves and have-nots. For the latter, improving their security posture to defend against threats is rarely straightforward. While attackers become more high-tech, the gap between ‘the cyber 1%’ and those companies below the ‘cybersecurity poverty line’ grows wider. That poses a threat to all companies. 

What is the cyber poverty line? Why does it matter to your business, and what can you do to protect yourself? 

What Is the Cyber Poverty Line (CPL)?

The cyber poverty line (CPL) is a threshold that divides all organizations into two distinct categories: those that are able to implement essential measures well and those that are unable. 

Wendy Nather, head of advisory CISOs at Cisco, first coined the concept in 2011. Since then, Nather’s theory has been widely adopted as the benchmark for acceptable cybersecurity posture. Chris Krebs added the concept of a ‘cyber 1%’ in a talk at a Gartner conference in 2020. 

The cyber 1% are the most capable and actively able to defend against threats, regardless of their industry. These companies possess the resources, culture and structure to maintain an elite security posture well-matched with attackers. 

For other companies, getting above the cybersecurity poverty line should be the minimum standard. If they don’t, they remain exposed to a breach and the damaging impact of such an attack on their data security, budget and company reputation.  

The Difference Between the Cyber 1% and the Rest 

To understand what separates those on either side of the line, let’s consider six key factors:


Thriving enterprises are attractive targets for attackers, even more so those in the financial sector (for obvious reasons). However, there is no hard and fast rule here. Attackers also target smaller businesses with more modest revenues. 

  • The cyber 1%: Tend to have larger revenues, enabling greater investment.

  • Those below the CPL: More modest revenue, with smaller profits.


Without a sufficient IT budget, you will run into problems. Regardless of your revenue and profit, it’s essential to invest enough to build robust security programs and train teams to manage them. 

  • The cyber 1%: Spend heavily on recruitment and employee training, as well as investing in the latest tech and infrastructure. 

  • Those below the CPL: Tend to make do with aging software and hardware, often run by overstretched teams that don’t have enough time or resources.


“It really takes a village to make progress,” explains John Hammond, a senior security researcher at Huntress. “We know that attackers are collaborating and sharing threat intel, so the industry should, too.”

  • The cyber 1%: Aims to increase diversity in the company skillset so they can leverage the threat intelligence of multiple seasoned workers.

  • Those below the CPL: Face regular challenges due to knowledge gaps or skills shortages. 


A security operations center (SOC) assures your company round-the-clock protection. However, not every organization has the resources to build its own or even manage a credible freelance SOC. 

  • The cyber 1%: Develop an in-house SOC that is customized to their needs — including seasoned SOC analysts and powerful tools like SIEM.

  • Those below the CPL: Lack the resources and structure for an in-house SOC. Even if they outsource it, some may struggle to stay one step ahead of attackers.


The chief information security officer (CISO) is the executive leader who oversees information and data security. 

  • The cyber 1%: Has a CISO to manage the IT budget, oversee security training and awareness programs and ensure the company can safeguard against known attacks.

  • Those below the CPL: Lack a CISO or experienced security professional to drive IT investment or correctly prioritize the allocation of cybersecurity resources. 


If employees are more aware of the threat landscape, they will be less likely to fall prey to attacks. 

  • The cyber 1%: Nurtures a company-wide culture of security by training employees on best practices. 

  • Those below the CPL: Don’t openly share and talk about cybersecurity, which means employees have less power to contribute.

How to Rise Above the Cybersecurity Poverty Line

While budget and investment are huge factors in whether a company can reach the cyber 1%, those with limited capital can still develop a healthy posture that puts them above the CPL. 

Here are five steps to improve your standing.

Invest More

As your revenue grows, try to allocate more of your budget to safeguard your data, infrastructure and financial accounts. Small steps can have a big impact, like these:

  • Make multi-factor authentication and virtual private networks essential on all devices
  • Develop reporting systems so everyone can flag issues at an early stage
  • Conduct regular meetings to share information.

Empower Every Employee

When attackers look for entry points, they can exploit any credential or device. Every single endpoint is a potential chink in a company’s armor. To combat this threat, every employee must become their own line of defense. 

Some ways you can help your team:

  • Provide training on how to spot common attacks, like phishing emails
  • Encourage safe browsing best practices, such as using a password manager
  • Send a company-wide email newsletter with tips on personal security. 

Tailor Training Delivery to Suit Your Needs

The challenge for many companies is the lack of time or resources to educate employees. Trying to upskill teams while running a business can lead to burnout. 

Here’s a flexible solution that you can use if you can’t afford to hire security workers with specific skill sets:

  • Focus on your current team with a rotation approach to training
  • Train one team for short bursts, like a few days or a week, while other teams continue with day-to-day business 
  • Continue to rotate, so there is always one team focused on upskilling. As you rotate training groups, the company’s awareness and defense capabilities will grow.

Adopt User-Friendly Tools

The mission becomes easier when you have the right tools: 

  • Choose unified software platforms rather than a large stack of point solutions
  • Look for intuitive programs that are easy for end-users to set up and learn
  • Avoid complex software that requires specialist personnel to operate.

Embrace Zero Trust

The zero trust framework assumes your business is always at risk. With this approach, companies implement strict rules for authentication, authorization and validation for all network traffic. In turn, this model offers greater protection for corporate data.

Bring People, Processes and Technology Together

Jeetu Patel, Cisco EVP for security and collaboration, says cybersecurity measures will soon reach human-rights issue status. For now, organizations must focus on what they can do internally to get above the security poverty line.

The critical thing to realize is that cybersecurity poverty doesn’t just impact organizations with low cash flow. Simply providing money will not address other underlying factors, like a disconnected tech stack or siloed company structure that doesn’t openly discuss security issues.

In the end, a strong culture of security education and teamwork underpins the success of a company’s approach. Even if you lack the financial resources of the cyber 1%, astute investment in uniting people, processes and technology can help you establish a clear framework for cyber resilience.
