This document compares the level of venture capital (VC) investment in the cybersecurity industry with the reported breaches in the United States. The conclusion of this comparison encourages security professionals to explore the reasons why the cybersecurity industry is underperforming from the protection point of view, despite the level of investment. This document assesses the reactive nature of the industry, the complexity in the decision-making process, and the subsequent consequences for the organization.