Companies must also address the non-technological tools of cybersecurity. For example, current and former employees are the most frequently-cited culprits in cyber breaches. That’s 
why companies at the forefront of tackling the problems are going beyond a compliance checklist approach to an information security approach. They are developing broader data governance policies and practices to protect sensitive information. Thus, rather than key in on defending themselves from external threats, these companies are developing and implementing policies for the creation, use, storage, and deletion of information.