Most corporations suffer from the delusion that a small team of cybersecurity experts buried within the bowels of IT (or elsewhere) can protect the other 99%+ of the company’s workforce from exposing business-sensitive or business-critical information to malicious external actors. Unfortunately, this same delusion exists within many IT shops. 95%+ of the IT staff members blithely assume that the security team (which may only represent 5% or less of the total IT staff) will keep them all out of trouble. These delusions have proven to be false many, many times but they persist nevertheless.
