The Human Factor in Cybersecurity
During this week’s reading, you’ve been exposed to different points of view regarding human contribution to cyber threats. Now, put on your Chief Information Security Officer hat. Realizing that you have a limited budget (the amount is unimportant), how would you balance the tradeoff of training and additional cybersecurity technology? That is, how would you allocate your limited funds? Explain your reasoning.
Budget Proposal
In cybersecurity, the best way to ensure your company is well protected is to invest in the best technology possible and train your employees. If I were the Chief Information Security Officer for a company, I would allocate about 60% of the budget to training and risk management for our employees and then direct the remaining 40% to purchasing and updating the technology needed for the company. By ensuring that all employees are well-trained and aware of the risk of using technology, we can mitigate or prevent damages that may arise.
In cybersecurity, the human firewall plays a significant role in a company’s success since employees can be significant assets but also present vulnerabilities (The Human Factor in Cybersecurity, 2024). Considering that employees will present the most significant risk when it comes to the security of a company, making sure that they are aware of cybercrime will ensure that they are alert when using the technology within the company and accessing sensitive data. As stated in the article The Human Factor in Cybersecurity from securityscorecard.com, while most people are aware of outside threats, a more significant concern is the unknown threats from within a company. While investing in training for employees is a great way to spread awareness, the threat of data leaks could still be present due to employee negligence, and the exploitation of privileges for personal gain or malicious intent also poses a threat (The Human Factor in Cybersecurity, 2024). The article also states that social engineering plays a significant role when it comes to cybersecurity because cybercriminals may utilize phishing emails, baiting, and other manipulative tactics to get employees to divulge sensitive information or perform actions that may compromise the security of the company (The Human Factor in Cybersecurity, 2024). The article emphasizes that burnout, fatigue, and cognitive overload can impair decision-making and undermine the effectiveness of security measures within a company. The article strongly suggests that companies prioritize the well-being of their employees and encourage an environment of knowledge sharing and collaboration (The Human Factor in Cybersecurity, 2024).
After reading the article and gaining a better understanding of the importance that employees present for a company, I feel that the 60% of the budget I would allocate for training would be divided up, with 40% going to training and refresher courses, and the remaining 20% would go towards programs and services that will assist employees if they are feeling overworked, fatigued, or burnt out. I would also encourage an open-door policy within the office to encourage everyone to share knowledge and feel comfortable asking questions when concerns are raised. I would also implement policies and procedures using the NIST Framework as a guide to ensure that everyone knows how to prevent, halt, or mitigate damages if the company is ever presented with a threat. The training for my employees will consist of hands-on knowledge for any technology utilized within the company, and everyone will have training to identify present or future threats that may arise. While keeping up with the many technological advances is important, the 40% of the budget allocated to that will buy the best equipment available with our budget constraints. Ensuring that all employees are well-versed on the equipment and that all updates are managed in a timely fashion will ensure that we are able to mitigate any risk that may come from not having the newest equipment available.
The Human Factor in Cybersecurity. (2024, February 16). Securityscorecard.com. Retrieved March 29, 2025, from https://securityscorecard.com/blog/the-human-factor-in-cybersecurity/