The Human Factor In Cyber Security

Austin Hildenbrand 

11/17/2024 

CYSE 200 

The human factor in cybersecurity refers to the role that individuals (employees, contractors, and even third-party vendors) play in either strengthening or undermining an organization's security posture. Here, it describes how humans can be either an asset or a liability to a corporation or entity. Corporations and businesses should focus more of their time and money on training employees, rather than buying cybersecurity technology.

Humans are the Weak Link 

A significant number of cyber incidents, including data breaches and ransomware attacks, result from human error, whether it's falling for phishing emails, using weak passwords, or mishandling sensitive data. The 2024 Data Breach Investigations Report from Verizon says, “Even the best cybersecurity technology can be bypassed if employees are not educated on the threats and security best practices.” Their research compiles all the known data breaches in 2024 as of September and includes evidence to support the statement that humans are the weak link in cybersecurity.

Cost Effectiveness 

While advanced cybersecurity technologies are critical, they can be very expensive, especially for small to medium-sized businesses. Training employees is not only more beneficial, because they are a weak link, but also cheaper. The time and energy it takes to train an employee on phishing attacks, or on what the system looks like when it is being breached, is more beneficial than the millions of dollars companies spend on software and firewalls. The Ponemon Institute studied the cost of data breaches in 2020 and their causes, which included information on ransomware attacks and phishing attacks.

Security Culture is Key 

A strong culture of security within an organization encourages vigilance at all levels. Employees who are educated about the risks are more likely to take proactive steps to protect the company, such as reporting suspicious emails, using strong passwords, or following safe browsing practices. This cultural shift is something that technology alone can't achieve. IBM gave information from a data breach report, saying, “Raising awareness to the cybersecurity issue, provides a mitigation technique that is free of charge.”

Conclusion 

The budget split would not be 100/0 in favor of training employees, as there is still a need for cybersecurity technology, but I believe the budget should be around 60/40. While technology provides the necessary tools to protect against and respond to cyber threats, human error is still the leading cause of breaches. Investing in employee training to raise awareness and improve security habits is often the most effective and cost-efficient way to minimize risk. Ideally, the best approach is a balance—strong tech defenses and well-trained employees working together to create a holistic cybersecurity strategy, but if there had to be a choice for which is more important, it would be for employee training. 
