A culture of blame and fear when it comes to security means end users won’t tell you if they are using an unsanctioned app, have clicked on a malicious link or have seen unusual activity until it’s too late. Security teams should empower users with a culture of personal responsibility so that they treat data security in the same way they approach other company policies like health and safety.