The Human Factor in Cybersecurity

Cyber security is not only made of firewalls and viruses. For cyber security to even exist there must be people who need it. This paper will discuss how to balance spending on technology and the people needed to run it. 

Budget 

It is important to take an organization’s budget into consideration when considering how to divide the money that goes towards technology or the human element of training personnel. Both are important to have and in an ideal world with an unlimited budget one wouldn’t have to worry about dividing funds to go to technology or training. Unfortunately we do not live in an ideal world so that means that dividing up costs must be made. In this write up we will be working with a larger imaginary company this means a larger budget but more costs. 

Technology  

The best way to divide up a budget is to first realize what one’s expenses will be. The best way to do this is to conduct a tiered threat analysis. After the tiered threat analysis has been conducted and potential threats as well as how likely they are to happen and how much damage they would do has been noted it is important to buy all the technology needed to be able to combat the threats. The amount of money spent on technology should be proportional to the likelihood of it happening and the damage it could cause to the organization. It is important to buy the technology first because it doesn’t matter how much money you give your employees if they don’t have the technology to do anything it doesn’t matter (Wadhwa).

Training

After all the necessary technology has been purchased to keep an organization safe it is then important to begin training employees. The money remaining for training employees should be divided the same way that purchasing technology is done. Threats, possibility, and damage must be accounted for and then training conducted on those areas. Some areas that training could be done on is phishing, data handling, stopping mistakes, safe online activity, and developing better policies (Whitelaw).

Conclusion 

It is important to build up the human elements and technology of a business to keep it safe from threats. It is important to first buy all of the technology needed to protect an organization and then the rest of the budget can go into training. It is important that the money spent on technology is well balanced so there can be a sufficient amount of money left to  train people because if people don’t know how to use the technology then it won’t be of use to anyone. To oversimplify the question to how the budget should be balanced one should buy all the technology needed to protect the company based off of a tiered assessment then using the rest of the budget spend it on the human factor focusing  it on areas that need improvement.

Works Cited

Wadhwa, Payal. “How to Effectively Plan Your Cybersecurity Budget for 2025? – Sprinto.” Sprinto, 26 Mar. 2025, sprinto.com/blog/cybersecurity-budget/#Steps_to_create_an_effective_cybersecurity_budget. Accessed 3 Apr. 2025.

Whitelaw, Findlay . “The Human Element of Insider Threats – 3 Key Drivers of Accidental Insider Threats.” Securonix, www.securonix.com/blog/the-human-element-of-insider-threats-3-key-drivers-of-accidental-insider-threats/.