Surviving Below the Cybersecurity Poverty Line

The Daily Raptor: Delivering cybersecurity market insights — respected by cyber ops, trusted by sales reps, yet feared by legal & compliance everywhere

Received this from a friend? Sign Up Here —> dailyraptor.com.

The Daily Raptor
Tuesday, July 15th, 2025 Edition

Cybersecurity veteran and former Intel CISO, Malcolm Harkins (currently Chief Security and Trust Officer at HiddenLayer), once introduced the concept of the “cybersecurity poverty line”—a striking way to describe the divide between the cybersecurity “haves” and “have-nots.” He was pointing to a harsh truth: the organizations most in need of robust cyber protection often have the fewest resources to defend themselves. That was then. The reality hasn’t changed. In fact, it’s only intensified.

Today, small and mid-sized businesses (& underfunded local governments) are under siege from a relentless and increasingly sophisticated wave of cyber threats. Unlike larger enterprises, these firms rarely have access to advanced monitoring, prevention, or response capabilities. Operating below the cybersecurity poverty line, SMBs have become high-probability, high-impact targets for threat actors.

The numbers are stark: 46% of all successful cyber breaches now strike companies with fewer than 1,000 employees. Even more alarming, ransomware succeeds in 88% of attacks on SMBs. But the aftermath is what truly stings—over 60% of small businesses that experience a successful cyberattack never reopen. Behind each breach is not just an incident, but often the end of a business.

Attackers have adapted to today’s mobile, agile workforce. They exploit IT helpdesks and business processes through social engineering tactics, turning a company’s own efficiency into a vulnerability. These are systemic weak points being manipulated at scale.

Kelly Jones, Chief People Officer at Cisco—a senior executive (and company) long known for championing security capabilities across organizations of all sizes—has emphasized that in the age of AI and automation, the human employee may well be the hero. Especially in SMBs, where security teams are lean and resources are stretched, people often serve as the last line of defense. In a threat landscape dominated by social engineering, even the most sophisticated technical controls can be bypassed by a convincing email or phone call. In that context, employee vigilance, awareness, and training aren't just helpful—they're essential.

This is more than a cybersecurity problem—it’s an economic one. SMBs account for approximately 44% of U.S. GDP. Nearly half of the nation’s economic output is tied to a sector operating with critical exposure. In an era where attacks are increasingly automated, scalable, and AI-driven, this segment has the most to lose—and so does the economy around it.

The visuals below bring this reality into sharp focus, outlining the attack distribution, economic impact, and strategic vulnerabilities that demand urgent executive attention and decisive action.

As we confront the growing threat posed by the cybersecurity poverty line, it's essential to recognize that this isn’t just a tech gap—it’s a national economic vulnerability. Small to midsize businesses alone account for nearly 44% of U.S. GDP, and they often operate with limited cybersecurity resources. Their exposure is our exposure.

Meanwhile, essential public institutions like local governments, K–12 schools, and healthcare providers—while not direct GDP contributors—are critical to the functioning and stability of the communities these businesses depend on. Managed Service Providers (MSPs), long trusted to fill resource and expertise gaps, remain a promising part of the solution—if properly secured and governed. But as reliance on MSPs grows, so too does their appeal as high-value targets for nation-state and criminal actors exploiting the supply chain. Mitigating this risk demands sustained investment, strategic coordination, and a reframing of cybersecurity as core to both economic and civil security. Until we address this foundational imbalance, the cybersecurity poverty line will not only persist—it will quietly undermine our resilience from the inside out. //

Have a great week, Raptor Community!
Stay sharp. Stay curious. And let’s all stay safe.

The DR Team
/smb