Intro:
When it comes to balancing training and additional cybersecurity technology, it is
important to understand how important cyber training is for your organization. Well, in 2023,
over 70% of data breaches involved human elements. 20% of security breaches were due to a
remote worker. And the biggest one, 1 in 3 data breaches, involves phishing. A cyberattack
aimed to get your sensitive information through deceptive emails and messages. Google’s AI,
when asked the question “Stats on how much training prevents data breach and phishing attacks
over the past 5 Years”, told me that phishing rates would go down by 86% if proper training for
said cyberattacks was provided to employees.

How would you allocate your limited funds?
Training (40%)
Additional Cybersecurity Technology(60%)

How would you balance the tradeoff of training and additional cybersecurity
technology?
I would balance the tradeoffs of training and additional cybersecurity technology by
prioritizing funds for training over cybersecurity technology. A bigger portion of my funds
would go to training compared to additional cybersecurity technology. This is due to the
potential financial, mental, and emotional losses you could incur if you don’t have the correct
cyber training. It leaves your organization or business with many vulnerabilities that could be
exploited. Something I found interesting is that the average cost for a data breach in 2022 was
just below $4.35 million for an organization. Something that has never been beaten before then.

Citations:
1. CybSafe. (2023, April 4). 7 reasons why security awareness training is important in
2023. CybSafe.
https://www.cybsafe.com/blog/7-reasons-why-security-awareness-training-is-import
ant/ Cyb
2. Cloudflare. (n.d.). What is a phishing attack? Cloudflare.
https://www.cloudflare.com/learning/access-management/phishing-attack/