Cybersecurity should be understood as an inherent cost of doing business and a component of every budget, whether it is the cost of updating systems, staffing, or vulnerability scanning, pen testing, training, or phishing activities. All of these activities reduce the risk of exposure to the company and ultimately minimize long-term costs. If you assume the cost per personal record of a breach is $242, it doesn't take long to understand the cost avoidance value. For those in regulated industries, funding information security is simply part of the normal budgeting activities. These companies understand the requirements they have to meet and the costs associated with compliance, and the strict penalties for non-compliance.