Cyber security policies help to protect a company’s network from both external and internal threats. For example, 91% of cyber attacks start with a phishing email. While employees may not be intentionally compromising a network, bad actions such as clicking on malicious links or downloading documents containing malicious code create security vulnerabilities. Therefore, implementing a security awareness training program to educate employees on cyber security threats and how to identify them help to reduce this risk.