Risk averse.
Overly reliant on processes, approvals, risk assessments.
Standard yearly bonuses (could be higher)
Company-wide IT security policies sometimes hinder software development work.
Too restrictive against employees working remotely from abroad, even temporarily.