
So, a company that sells tools for locking down data, commissions a survey that show companies need to lock down their data more? No surprises there.
In the real world however, locking everything down is rarely a good idea. People often do need more access than you might expect in order to do their jobs efficiently. Implementing "work to rule" always causes productivity to plummet.
I have worked at places where the systems are so locked down that you really struggle to do your job. Such companies have such strict access policies that projects can be delayed for weeks while you chase up the only person who has access permissions (and yet not the skills or intelligence) to do the five minute fix you need. On several occasions I have had to resort to other methods of gaining access to systems just to get the job done.
What I am trying to say is, rather than trying to lock down everything and contrain your employees into narrowly defined processes of what management thinks is their job; hire competent people, give them all the access they ask for, and trust them to use that access appropriately. That is how you get work done.