Few employers have a culture that supports cybersecurity