you are the cybersecurity chief of an enterprise. a risk analyst new to your company has come to you about a recent report compiled by the team's lead risk analyst. according to the new analyst, the report overemphasizes the risk posed by employees who currently have broad network access and puts too much weight on the suggestion to immediately limit user access as much as possible. according to the new analyst, not only does the report not mention the risk posed by a hacktivist group that has successfully attacked other companies in the same industry, it doesn't mention data points related to those breaches and your company's risk of being a future target of the group. how should you address this issue so that future reports and risk analyses are more accurate and cover as many risks as needed?