Abdul Barrie
Write- Up: The Human Factor in Cybersecurity
04/02/2023
The human factor is one of the most important factors to consider when it comes to
cybersecurity. Human mistakes continue to be the biggest cause of security breaches,
notwithstanding the gains that have been made in security solutions. According to IBM’s report on the cost of a data breach for the year 2020, human mistakes are the root cause of 23 percent of all data breaches. As a result, it is imperative to place a priority on the education and training of humans in the field of cybersecurity in order to lower the risk of cyberattacks.

Yet, striking a balance between the cost of extra cybersecurity equipment and the cost of further training can be a difficult undertaking, particularly when working with a constrained budget. The size of the company, the level of risk, and the kind of data that is being protected are some of the elements that will play a role in the decision that must be made on how limited funds should be allocated between training and technology.

Doing a risk assessment is the first thing that needs to be done before deciding how to
divide up the available funds. The identification of potential vulnerabilities and threats to an organization’s network, data, and information systems is one of the tasks involved in conducting a risk assessment. With this knowledge, firms are able to prioritize their cybersecurity needs and assign resources in accordance with those priorities. For instance, a company that knows it has a high risk of cyberattacks may decide that investing in technology is more important than training its employees.

Yet, it is essential to keep in mind that the use of technology alone is not sufficient to
ensure cybersecurity. Attackers are continually adapting their strategies, and new weaknesses are being found on a daily basis. For this reason, it is absolutely necessary to make financial investments in the training and education of staff members so that they are up to date on the most recent cybersecurity risks and the most effective procedures. Training staff on how to recognize phishing emails, how to generate secure passwords, and the need of maintaining up-to-date software are some examples of this type of measure.

Online courses, webinars, and in-person workshops are all examples of cost-effective
forms of professional development that companies may want to consider when resources are restricted. These training choices can be adapted to meet the distinctive requirements of the firm. Furthermore, they can be provided over the internet, which helps employees save money on transportation and lodging expenses.

In addition to training, businesses should also consider making investments in
cybersecurity technologies that are both efficient in terms of cost and offer the highest possible level of protection. For instance, purchasing a firewall for the organization’s network might add an extra layer of defense against potential threats. Also, making an investment in anti-malware software can assist in the detection and removal of malware from the systems utilized by the firm.

Nonetheless, it is essential to keep in mind that purchasing more equipment is not, by
itself, sufficient to ensure cybersecurity. It is of the utmost importance to guarantee that the technology is set up appropriately and that personnel are properly educated on how to make efficient use of it. It is possible, for instance, for a firewall to become useless if it is not configured appropriately or if one of the company’s employees accidentally turns it off. Hence, it is essential for businesses to establish a balance between their investments in technology and in training. Putting all of your money into technology rather than training your

Work Cited
New Markets Team Telefónica Tech Cyber & Cloud New Markets Team. “Human Factors in Cybersecurity: Protect Yourself.” Think Big, 20 Dec. 2022, https://business.blogthinkbig.com/human-factors-in-cybersecurity/#:~:text=The%20human%20factors%20in%20Cybersecurity,for%20a%20company%20or%20organization.