I am trying to implement Cybersecurity within our company. Beyond news articles of corporate hacks and anecdotal stories, are there any resources, scientific articles that show numbers/stats of the dangers of weak security. Trying to make a compelling case of why we should invest in practices now vs feature-product development (we are a small company so we have small bandwidth).<p>Also I am not just thinking software changes like backend throttling, best encryption method to use, but enforcing password managers, password generators, phishing protection.