An organization is evaluating its information security policies and has found that its current policy inadequately defines data and system ownership. The review team needs to understand the potential risks associated with this issue. What is the greatest risk associated with a policy that inadequately defines data and system ownership?