is likely that many employees will reject or forget their responsibility for information security
by pointing out that those above them in the organisational hierarchy are responsible. As a
result, security safeguards will not be implemented because they almost always initially
represent an additional effort on top of employees' usual work.