Final answer:
Many organizations may not adequately protect their systems because prioritizing productivity and cost cutting leads to the neglect of implementing and maintaining solid internal controls.
Step-by-step explanation:
One reason why many organizations do not adequately protect their systems, particularly against internal threats, is often related to productivity and cost considerations. The correct answer to the question is B) productivity and cost cutting cause management to forgo implementing and maintaining internal controls. Enterprises prioritize immediate operational efficiency and cost management, sometimes at the expense of establishing robust internal control systems, which are necessary for longer-term security and compliance. This can be a result of a cost-benefit analysis where short-term gains are given precedence over long-term resilience to risks.
Furthermore, there can sometimes be a naive assumption within some organizations that control technology is either too complicated or not sufficiently developed to handle modern threats, although this is generally not the case. This contributes to the overall reluctancy to invest adequately in necessary protective mechanisms.