Cybersecurity has become a key factor determining the success of business operations who relies on the functioning of information systems. Hence, the effecient investment on cybersecurity is an important financial and operaional decision. We propose a modeling framework that incorporates major components relevant to cybersecurity practice, and study the characteristics of optimal cybersecurity investment decisions for a firm, as well as how they vary under different risk approaches. A data-based analysis for major industries is performed, where we map the maximum potential loss of a firm with the optimal cybersecurity budget size and discover that the optimal budget size is independent of the mix of assets that a firm holds. In addition, we also conclude that firms in finance, energy, and technology sectors should invest more in detective technologies than preventive, as oppose to even split in most other industries. Moreover, the overall cybersecurity budgets for the former set of industries should be higher when compared with others.