77 percent of companies surveyed have a risk management function within their IT organizations. Nearly 30 percent of those companies don’t allocate budget to that function. Only 43 percent of respondents said they could present a complete record of user access privileges for each employee in a single day. Only 14 percent said they have the right controls in place to prevent insider threats. Nearly 50 percent of the affected companies either do not have, or underfund, their IT risk management activities,” Sailpoint says. “What you don’t know” can have real consequences on businesses, the study says.”]
Source: https://www.darkreading.com/analytics/many-it-risk-management-projects-go-unfunded