Over the past few years, companies have bolstered their data security measures by investing in more robust information security networks to protect against malicious cyber attacks, and updating written policies to ensure compliance with the complex framework of applicable laws. Many companies fail to realize, however, that the greatest threats often lie within their own organizations.

According to a recent report, which was based on a three-year survey of over 165,000 corporate employees, company policies “designed to protect data and prevent breaches are not working” because 93% of employees knowingly violate them. These violations include failing to encrypt emails, improperly accessing or disclosing personal information, and failing to notify supervisors of data security incidents, such as lost laptops or mobile devices.

But what is perhaps even more concerning is that senior executives (with a high potential to harm the company) are the worst offenders. The report also found that companies face a 60% chance that they will suffer a “major security breach” without even knowing it.

The findings, which were also reported in the Financial Times and The Privacy Advisor, underscore the importance of developing clear and understandable policies, regularly training employees on those policies, and emphasizing privacy and security within the organization. Maintaining an organizational culture that fosters privacy and security awareness is critical to mitigating the emerging risks that all companies face today.