Human Factor Write-Up 11/16/25

Mason Phillips
CYSE 200T
Professor Duvall
November 16, 2025

Allocation of Funds regarding cybersecurity

BLUF: With a limited budget for cybersecurity and the options to put the funding towards
employee training or towards cybersecurity technology the funding should go towards
employee training.

Overview

With a limited budget for both training and new cybersecurity technologies a decision must
be made about which the money will go towards and how the lack of one will affect the
other in return. Both training and technology are important for the continued growth,
development, and protection of cybersecurity in a business, and they both have their
benefits, but I believe that at the end of the day the funding should go towards employee
training.

Benefits of putting funding towards training

Employee training has several benefits in comparison to funding technology including
helping to erase human error, the boost of security culture, and cost efficiency. Human
error is the number one cause of breaches and extra training can help to mitigate these
mistakes from happening. Security culture is important in the idea that even with the best
technologies, attacks can still happen if the employees aren’t trained and don’t know what
to look out for. Training is also cheaper than new technology, along with training also being
scalable, repeatable, and adaptable at the same time.

Benefits of putting funding towards Technology

Putting funding towards new cybersecurity technology has the benefits of automation and
reduced workloads. Automation can pick up areas in which the human employees are
lacking, providing around-the-clock protection through the means of firewalls, endpoint
detection and response, security gateways, and faster detection and response to threats.
This is a major help in reducing the workload on the security team.

Why it should go towards training over technology

As was mentioned before, human error is the number one cause of breaches, and the
mitigation of these mistakes should be highly prioritized. Training can also lead to the
mitigation of insider threats and stop them from happening, which is any time someone
with authorized access uses that access to hurt the company in any way, whether it be
intentional or unintentional. Another part that was mentioned above was that without
training, employees may not know what to look for, which can allow for attacks to slip by
unnoticed until it’s too late.

Conclusion

Conclusion: The funding should be allocated towards employee training rather than new
cybersecurity technology. In an area such as cybersecurity where human error can cause
catastrophic failures, employee training is too important to pass on and needs the funding
rather than new technology.

Leave a Reply

Your email address will not be published. Required fields are marked *