This study examines the paradoxical relationship between increasing United States of America (USA) cybersecurity investment and rising cyberattacks from 2010-2023. Despite over 20 billion in cybersecurity spending, attack frequency and complexity continue escalating. Through mixed-methods analysis utilising comprehensive statistical techniques, including time-series decomposition, correlation analysis, and regression modeling with gross domestic product (GDP), internet usage, and technological advancement controls, this research reveals that traditional reactive spending strategies, asymmetric offence-defence dynamics, and inadequate measurement frameworks better explain this paradox than simple investment ineffectiveness. Using official data from Cybersecurity and Infrastructure Security Agency (CISA), FBI IC3 (Federal Bureau of Investigation Internet Crime Complaint Center), and National Institute of Standards and Technology (NIST), the analysis demonstrates that spending-security relationships are more complex than previously understood. Traditional security models prove insufficient against current threats. The study advocates for fundamental policy shifts toward adaptive, intelligence-driven approaches prioritising proactive defence, cross-sector coordination, and dynamic resource allocation, urging radical cybersecurity strategy reassessment.
Esra Merve Çalışkan (Thu,) studied this question.