The Human Factor in Cybersecurity

With a limited cybersecurity budget I would prioritize a balanced approach between employee training and cybersecurity technology, slightly favoring training, because the human element is involved in the majority of breaches.

For a Chief Information Security Officer, deciding how to allocate limited resources is critical to protecting an organization from cyber threats. Many security breaches happen not only because of weak systems, but because of human mistakes like clicking phishing links, using weak or reused passwords, or mishandling sensitive data; Verizon's 2023 Data Breach Investigations Report found that 74% of breaches involved a human element such as error, privilege misuse, stolen credentials, or social engineering (Verizon, 2023). Because of this I would use about 60% of the budget for employee training and 40% for cybersecurity technology. Training employees through regular awareness programs, phishing simulations, and policy education reduces the likelihood of a successful attack, and tracking simulation click and report rates over time shows whether the spend is actually changing behavior. The NIST Cybersecurity Framework treats awareness and training as one of the categories of its Protect function (NIST, 2018). Since employees are often the first line of defense, investing in training provides a strong return on investment and directly targets one of the biggest sources of risk.

At the same time, cybersecurity technology is still essential and cannot be ignored. Tools like firewalls, intrusion detection systems, endpoint protection, and multi-factor authentication provide layers of defense that training alone cannot cover. Multi-factor authentication in particular limits the damage when a password is phished or reused, so it directly backs up the training investment. Even well-trained employees can make mistakes or fall victim to advanced attacks, so strong technical controls are needed to prevent, detect, and respond to threats. This combination of training and technology supports a "defense in depth" strategy, where multiple layers of security work together to protect the organization. By putting training first while still investing in technology, the organization can address both human and technical risks effectively within a limited budget.

In conclusion, the best approach to cybersecurity with limited resources is a balanced investment in both training and technology, with a slight emphasis on training. This strategy reduces human error while maintaining strong technical defenses, ultimately providing the most effective overall protection.

References

National Institute of Standards and Technology (NIST). (2018). Framework for Improving Critical Infrastructure Cybersecurity.

Verizon. (2023). Data Breach Investigations Report.
