According to the respondents, the existing control mechanisms are particularly immature, for example when it comes to the use of personal mobile devices, perimeter threats and the detection and correction of unauthorized applications in the company.