BLUF: This proposal aims to identify the various viewpoints regarding human contribution to cyber threats. It also explains the trade-offs of training and additional cybersecurity technology and how both factors can be balanced. Writing as Chief Information Security Officer, I also propose how the limited funds will be allocated between training and introducing additional cybersecurity technology.
Viewpoints regarding human contribution to cyber threats:
It is a common viewpoint that human behavior typically leads to cyber threats due to human error. This is why there is a Zero Trust rule, which emphasizes that no entity should be trusted without verification (Terry, 2025). As humans, we strive for efficiency. This can lead to finding the easiest and fastest way possible to achieve something. However, this can be risky, especially in the cyber world (Capone, 2018). As a result, some argue that removing people entirely from the process is the best bet (Capone, 2018). An example of why people should not be involved in cybersecurity is the statistic that 43% of data breaches are caused internally (Capone, 2018). Other examples of human contribution to cyber threats include falling for phishing emails, weak password practices and accidental data leakage (Hamayun, 2023). Whilst humans contribute to a great deal of cyber threats, humans are also very beneficial to ensuring data security in a company.
Balancing the trade-offs of training and additional cybersecurity technology:
One solution to preventing cyber threats that result from human contribution is training. However, training can have many trade-offs such as costs, timing issues and quality (Anna, 2023). Therefore, companies have to guarantee that when they invest in training employees to mitigate cyber threats, it contributes to long-term benefits for the company’s overall growth. Alongside this, adopting additional cybersecurity technology is essential to preventing cyber threats, especially as we move into a digital age. This too has many trade-offs, as new technology introduces new risks (Cybersecurity Risks and Data Privacy Tradeoffs, n.d.). Some of these trade-offs include increased costs and the risk of a false sense of security. Despite the plethora of trade-offs with training and additional cybersecurity technology, both hold value and the advantages seem to outweigh the disadvantages. Therefore, there needs to be a balance between both factors to ensure that a company is able to keep information secure from human errors and cyber threats. It is up to the discretion of the company to decide which factor should hold more weight.
My proposition of allocating limited funds:
As the Chief Information Security Officer, it has come to my attention that there is a limited budget, and this is in conflict with the efforts of trying to balance training and providing additional cybersecurity technology. Through research, it is evident that both will be beneficial for the company’s growth and will help in mitigating cyber threats. Therefore, my first suggestion is that the limited budget must be shared between the two, as both will play a critical role. It is evident that human error greatly leads to cyber threats, and for that reason I suggest that 60% of the limited budget should go towards training. This is because employees are a big part of the company, and this is demonstrated even with the implementation of cybersecurity technology. Therefore, investing a larger portion of the fund into training will help to mitigate cyber threats. The training will educate employees on what to do and what not to do, such as having phishing awareness. My final suggestion is to allocate the remaining 40% to providing additional cybersecurity technology. This is because whilst training is important, technology can be useful in preventing risks, especially if the technology is advanced in nature. Some technologies are able to perform tasks that humans are unable to do, so using a 40% portion of the fund to provide additional technologies will be advantageous to the company.
Conclusion:
To conclude, there has been a discussion concerning the viewpoints regarding human contributions to cyber threats. There has also been an exploration of balancing the trade-offs between training and providing additional cybersecurity technology. As the Chief Information Security Officer, I have also proposed that due to the limited budget, 60% should be allocated to training and 40% should go towards providing additional cybersecurity technology.
References
Anna. (2020). Advantages & disadvantages of employee training. Advantages & disadvantages of employee training | Easy LMS
Capone, J. (2018). The impact of human behavior on security. Capone – The impact of human behavior on security – Google Docs
Cybersecurity Risks and Data Privacy Tradeoffs. (n.d.). Cybersecurity Risks and Data Privacy Tradeoffs – IEEE Digital Privacy
Hamayun, M. (2023). The human Factor of Cyber Security. The Importance of the Human Factor in Cyber Security – Check Point Blog
Terry, R. (2025). Zero Trust Security Explained: Principles of the Zero Trust Model. What is Zero Trust? – Guide to Zero Trust Security | CrowdStrike