The consequences of a successful attack are often too disruptive not to confront the problem aggressively and preemptively. (No one wants to be the next Sony.) If there ever was hesitation to confront the issue at the C level, this is clearly not the case anymore. No self-respecting CEO or board wants to get caught in a cyber attack without having done their homework.
As always, anything IT-related costs money. The problem with cyber security is that it requires a lot of work in the beginning, and less once appropriate changes to the procedures and network infrastructure have been made. Staffing for such a situation is always tricky.
Corporations trying to address the issue by using existing staff often find that this solution is only the second-best one.
The in-house staff lacks the in-depth knowledge required to truly audit the existing setup and infrastructure. There is also a lack of knowledge of the latest technology used by the hackers. As such, the issue of how to properly guard the network becomes rather complex.
One good solution is to outsource the cyber audit. Hiring an expert team of white-hat hackers who can remotely probe the network using the latest hacking technologies might be a much better solution. If you find the right BPO company with a strong cyber security team, the results will be better than anything your internal team might come up with. Outsourcing cyber security will be much cheaper than hiring a top-level Cyber Security Officer (or a whole team). The costs are also limited in duration.
Another big advantage is that you can re-engage the team as needed to ensure your defenses are up to date. Having a top-notch outsourcing company at your disposal to revisit the network every few months and make sure that it is up to date is the equivalent of purchasing catastrophe insurance.
You might never need it, but you are sure happy to have it once you do.