2. Poor Or Nonexistent Security Culture
Penetration testers trained to find ways to gain access to corporate systems point out that the best defense is often end users, if they are made aware that security is a top priority. Chief information security officers often put plans in place to help create a culture of security at businesses. But it takes time, according to the Ponemon Institute. Building a sense of security into end users cannot happen with one-off training programs -- there needs to be a systematic and consistent security program over an extended period of time, according to the Ponemon Institute. Organizations with a strong security posture according to its benchmarking measurements were able to contain costs when a data breach took place.