51% of security teams with a documented framework for identifying risk tolerance state that it is not closely followed.

83% of security teams claim to have a documented framework for identifying risk tolerance.