"How to make sure your money keeps you out of our headlines?"
Simple. All you have to do is realize that security is a meatware issue. Stop spending money on hardware & code, and start spending your money on cognizant humans. One good coder at ~USD200,000/year beats a ~USD15,000,000 room full of servers every day of the week.
"Matthews is a former Director of Cyberspace Operations for the US Air Force"
When interviewing for said "one good coder", if the candidate mentions the word "cyber", stand up, shake their hand & tell them you will get back to them. Then send their c.v./resume to the bit-bucket shredder.
"and says organisations currently spend about 70 per cent of their security cash on blocking threats. He'd rather you spend money on figuring out how to handle breaches."
I'd rather spend money on hiring coders to run secure systems, instead of fixing 'em after they break. It's worked quite nicely for me for well over a third of a century ...
But what do I know? I'm not a .gov bureaucracy.