This was for an assignment about the human factor of Cybersecurity. How should money be handled regarding training and resources?
In a business world where zero trust policies are necessary, proper funding and management of that funding for cybersecurity is one of the most essential parts of keeping a company safe from cyberattacks. In cybersecurity, human behavior plays an impactful role in company safety, as breaches can result from anything from an employee falling for a simple phishing scam to an unhappy employee carrying out an inside job (Capone).
Where should the Funding go? Why?
Figuring out the exact amount of funds to allocate would be difficult, but in general 30-40% of funds put into cybersecurity should be spent on employee salaries (Hernandez). Keeping an employee's salary at about average or even higher would be a near guarantee of employee satisfaction with the company, lessening the risk of inside jobs, not to mention that employees are the sole reason cybersecurity in the company is maintained.
As for training programs, they should remain at least 10% of the budget, since training should not be only for employees working in cybersecurity but for all employees in the company. Companies nowadays rely much more on technology, so employees are most likely to be working with computers. Ensuring that a company's employees know how to avoid viruses and scams will prevent easily avoidable losses of money and data, which is why training should have a notable budget. Establishing training programs and performing regular phishing or scam tests can help a company detect vulnerable employees who may need more technological training, whilst also assuring that other employees can avoid contributing to phishing attacks and data losses.
For the remaining 50% of the budget, 40% should be spent on software, hardware, or other cybersecurity services if a company desires to have a third party handle other necessary tasks. The remaining 10% should be saved for unexpected costs or as an emergency budget for possible data breaches, since there is no such thing as guaranteed safety from cyberattacks, and any discovered vulnerabilities should be worked on immediately (Hernandez).
Citations
ArkSolvers. (August 27th, 2024). What are the Costs of Cybersecurity? What You Need to Know. Retrieved November 7th, 2024, from https://arksolvers.com/what-are-the-costs-of-cyber-security/
Capone, Jeff. (May 25, 2018). The Impact of Human Behavior on Security. Retrieved November 7th, 2024, from https://docs.google.com/document/d/1J3v_V167mktbGVynbtHW8yHXW9onjaBzVASo-behDfY/edit?tab=t.0
Hernandez, John. (November 27, 2023). Top Considerations when Creating a Cybersecurity Budget. Retrieved November 7th, 2024, from https://blog.quest.com/top-considerations-when-creating-a-cybersecurity-budget/