Despite the potential increase in both incidents and risks, many organization still don't take cyber-security seriously and as a result not much is invested in cyber-security capability development. I would like to hear your thoughts on this issue, particularly on the 'causes/reasons' that managers don't take cyber-security seriously.
PS: I'm developing a model with a sub component of cyber-security capability development and your information helps me better understand this issue.