BLUF
To effectively mitigate cyber threats driven by human behavior and workplace
deviance, I would recommend allocating 40% of the budget to behavioral training and
60% to technical security. I believe this balance allows employees to act as a first line of
defense while technology provides a necessary safety net for human error.
The Human Element
I believe the human element is a major part of an organization’s security because
employee actions, whether intentional or accidental, can create serious vulnerabilities.
Investing in training would help turn employees into active defenders by changing
their behavior through hands-on activities such as phishing simulations instead of just
watching training videos. Research shows that realistic, continuous training helps employees fall
for phishing attacks less often and improves their ability to recognize threats (Alluqmani,
2025). This approach creates a more alert workplace by clearly explaining security rules
and consequences, making employees more aware and responsible.
Safeguards
As a Chief Information Security Officer with a limited budget, I would allocate
about 60% to cybersecurity technology and 40% to employee training. Although training
can reduce human error, I recognize that it cannot prevent all threats. Therefore, I would
prioritize technology to help prevent, detect, and limit damage when mistakes happen.
For example, tools like Data Loss Prevention (DLP) provide continuous protection that
training alone cannot achieve, which is supported by the National Institute of Standards
and Technology (NIST, 2020).
Conclusion
I believe the balance between training and technology is not one or the other; they
must work together. From a behavioral viewpoint, I understand that employees are
naturally prone to error and influence, which makes them vulnerable to attacks like
phishing. While training can improve awareness and behavior, it cannot eliminate
mistakes completely. For this reason, I would prioritize technology slightly more with a
60/40 ratio because it provides safeguards that reduce the impact of those errors. I
recognize that people will not always change their behavior, so I would rely on
technology as a backup to create a stronger and more realistic strategy.