According to an industry survey, one group of employees is the most likely source of security breaches to your IT system.

Upper level managers — ironically, the people charged with enforcing some of your security policies — present the biggest security headache for most companies. And the higher up the ladder managers climb, the less concerned they become with security.

The majority (56%) of IT professionals say their organizations’ higher-ups believe that IT’s security rules don’t apply to them, according to a recent survey from security vendor Cryptzone.

In addition, 42% said directors and senior managers in their companies flat-out ignore security policies. What may be even worse, 52% of respondents said they agreed with the statement, “Directors have access to the most sensitive information but have the least understanding of security.”

One possible solution to that problem: Offer the right amount of training to the right people.

The majority (65%) of IT pros said everyone in their organization gets the same amount of training, regardless of their jobs. But the higher up in the company you go, the greater the potential for exposing sensitive information, so IT must make sure those people get enough information to minimize security risks.

It’s also important to design training and other educational initiatives so that people only receive information that applies to them.

For more help getting everyone in the organization on board with IT security, read three pitfalls to avoid when promoting a security-conscious culture.