A new study by Willis Towers Watson shows that companies "need to focus more on employees and company culture in their efforts to manage cyber risk", according to an article by information-management.com.
This study bothers me. While the human element is key, we're at a point where we can't wait for people to "know better" . That takes time and while we continue to educate and drive awareness, maturing that technology is a solid bet.
If someone is focused and skilled, they WILL spearphish you. Trust technology to stop the incursion after the click.
If someone sends out sensitive business information via email, detect that and automatically encrypt it AND notify them.
And if someone leaves a laptop on a train, if it's encrypted the issue is only so serious.