Risk assessment, in fact, is one of the larger vulnerabilities the survey found.
Not the assessments themselves -- more than three-quarters of the IT and business professionals surveyed said their companies undertake risk assessments.
But once the assessments are done barely 40 percent draw on the findings to help guide spending and investment.
This even as both the threats and the networks threatened by them grow more complex. That complexity itself -- and the variety of openings complex systems offer to adversaries -- was cited as the number one vulnerability companies face.
Number One with a Bullet, I'd say -- that bullet being aimed from a variety of guns at a variety of risky business and security behaviors, policies and practices.
All of them very much worth... assessing.
And once the risks are assessed, managing.
Here's a good long look at Risk Management that we've mentioned before. Still worth reading, as the Informationweek survey shows.