a random sampling of employees at various organizations, most would probably consider themselves security-minded. They would argue that they are not actively sending sensitive data to malicious recipients, clicking strange links or downloading attachments from unknown senders.
Read full article on Security Intelligence