In my professional opinion we should allocate 70% of the remaining $1,000,000 to employee training because even the best cybersecurity technology can’t prevent human mistakes. Most breaches begin because our employees are unaware of certain dangers and unknowingly expose our systems to attacks. By investing in training, our organization is strengthening the first line of defense, the employees, they can recognize threats and avoid risky behavior. While Technology is important, without informed users, it’s like locking the front door and leaving the window wide open. The remaining 30% will be allocated to various security systems that will be explained below.
Training Importance
While the importance of advanced technologies is important in cybersecurity, new systems would be useless if our employees had no knowledge of their capabilities and functions. Cybersecurity Technology like firewalls and antivirus software helps block hackers and viruses, but it can’t prevent human error. Cyber problems occur due to the mistakes of poor cyber-security training, specifically, clicking on fake emails or using weak passwords (Verizon, 2023). Training should be at the forefront of funds we have left. Teaching workers how to spot system breaches and various cyber-attacks as well as handle data safely can prevent big problems. The goal of your information security program should be to provide reasonable assurance that you have made informed decisions related to the security of your information. (SANS Institute, 2022).
Remaining Funds for Technology
Though I’ve stated my opinion on allocating much of the remaining funds to training, there are several systems we should save the remaining 30% for. There are systems that are vital to our organization we can fund with the remaining resources. Protection software is critical for defending devices against malware, ransomware, and phishing attacks. Solutions like Bitdefender and Avast offer affordable, cloud-managed options suitable for businesses (Rubenking, 2025). Firewalls prevent unauthorized access and filter network traffic. Cloud-based firewalls are particularly cost-effective for businesses using online services (Defendify, 2025). Lastly a multi-factor authentication creates more security by requiring more than just a password, and many providers offer free or low-cost tools that integrate easily with existing systems (Box, 2025).
Conclusion
To summarize the overall goal of this article, providing 70% or $700,000 for the training of our employees is more important than for our cybersecurity technologies. Problems occur due to the mistakes of poor cyber-security training. We cannot safely secure our systems if our employees are unaware of their own mistakes that expose our organization’s data. We should use 30% or $300,000 of the remaining funds to our Cybersecurity technology, specifically in firewalls, multi-factor authentication, and protection software. Considering my proposal will be beneficial to our company and improving overall cyber-security.
References
Defendify. (2025). Best cybersecurity for small business: Expert guide 2025. https://www.defendify.com/blog/best-cybersecurity-small-business-guide/
Rubenking, N. J. (2025, November 11). The best small business cybersecurity suites for 2025. PCMag. https://www.pcmag.com/picks/the-best-small-business-cybersecurity-suites
SANS Institute. (2022). Security awareness planning kit. https://www.sans.org/security-awareness-training/planning-kit/
Verizon. (2023). 2023 Data Breach Investigations Report. Verizon Enterprise. https://www.verizon.com/business/resources/reports/dbir/