If it's not capitalized (turned into an asset) then it's not an investment from an accounting perspective. Although R&D may be considered an investment by the layman, as the OP pointed out:
>even if it can be defined as investment in layman terms.
It is an investment from a managerial accounting perspective (how the business really works), no matter what it's called by financial/tax accounting (how the business formally reports its status). Expenses, such as taxes or the electric bill, pay for things you use up. You can't keep them, keep using them, or resell them. But R&D is an attempt by management to produce IP assets, some of which will be used for years and can even be embodied in patents and sold, like land or machinery.
Financial accountants can't deal with the unpredictable outcome and the fact that even success is hard to quantify. They can't put the million-dollar payment in one column and the specific million-dollar asset that was purchased in the matching column, which is required to make the books balance, so they call it an expense.
It's not a case of something that is really an expense but is mistaken for an investment by "laymen". On the contrary, it is really an investment in IP asset creation by management that financial accountants have to treat as an expense, like paying taxes, due to limitations in the accounting "technology" they are required to use.
Spent: verb, to spend, you could spend money settling a lawsuit but it would be a stretch to call that investment.
Investment: to allocate money in the expectation of future benefit, so that could mean administrative expenses, which would cover and include a lot (but not all) spending.
It's all about the perspective. A manager might consider test-driven development or security-driven development a matter of "spending" - in that it costs time and money and doesn't provide an immediate tangible benefit compared to making the thing that makes the money - but the engineers see it as an investment.
Both sides are right. If the company is never hacked, then it could both validate the security model as well as give a reason why not to bother in the first place. If the software runs smoothly throughout development (give or take a bug here and there), then all that testing was indeed a waste of time.
The difference between investment and cost is the ability to look into the future and analyze the past.
So there really isn't a straight answer.
EDIT: it also matters to the perspective of those outside of the organization. A bullish analyst might call Alphabet's moonshot projects an investment, while a bear would likely label them a cost.
in your example, even if the security-driven development generates value by preventing a hack, it could simply be considered Cost of Goods Sold, or maintenance costs...
In accounting standards, Investment turns into an asset.
-> CCTV system = investment
-> security guard = cost
they both generate value by increasing security and the dinstinction is not related to their usefullness for the company.
I define 'investment' as 'money spent in the pursuit of future benefit'. In this case, money spent settling a lawsuit to avoid a significant chance of later spending a far greater amount paid as damages (and why else would you settle?) is most definitely investment.