3. Lack Of Strong Leadership
Organizations with strong security programs often have chief information security officers who have been in place for a number of years, according to security experts. A strong leader encourages participation, keeps top executives informed and builds momentum around the program. Organizations that have appointed a C-level information security professional had fewer expenses at the time of a data breach, according to the Ponemon Institute.