38% of IT leaders rank "employee misunderstanding of security policies" among their top vulnerabilities, while 60% of employees report using workarounds to bypass policy measures, highlighting a potential gap between IT leaders’ assumptions and the reality on the ground