Orome1 (1901578) writes "A global survey of more than 1,240 IT decision makers at large enterprises – 72% of which have more than 1,000 employees – found that 33% of respondents do not believe their organizations have an accurate assessment of the level of IT risk they face from internal and external threats. This lack of confidence in risk assessment is warranted for two reasons. First, nearly one in four companies (23%) indicated that they do not have a formal IT risk management program in place. Second, a large percentage of businesses do not routinely review user access rights to data."
Link to Original Source