
Information security is often framed as a technology and compliance issue addressed through better tools, tighter controls and stricter policies. Yet security performance frequently falls short even after significant investment. Protocols can feel burdensome or disconnected from day-to-day work, leading employees to disengage from required practices.