The finding is linked to a lack of visibility of the business’s app estate and decentralised security governance.