Politics are always incurred in work and culture of an organizations especially large one.
Cybersecurity becomes a hot topic and new normal to strike for cyber safe in applicaton system, business process or industrial automation.
There are cybersecurity policies mandating the right things to do. However, no policies are perfect and neither can policies address all situations in real life. It then creates a new political atmosphere.
The appropriate approach is to engage a 3rd party to look at the entire cybersecurity culture of an organization from fresh-eye, the competency of the cybersecurity team whether the members possess the relative credentials, their ability to upkeep knowledge, their working relationship with business, the cybersecurity strategy or priority on the organization as a whole rather than micro-management and zero-one decision of so-called policy compliance.