As the Information Security Manager for an e-commerce company, a proposed policy change suggests loosening security restrictions to improve user experience on your platform. What should be your PRIMARY consideration before endorsing this policy change?