The key to identity and data security is proper practices and procedures. These are outlined in the US government's cyber security framework, NIST 800-53 (Rev 5). These include best practices for identity creation, handling and review. These practices are quantified and detailed in  the various regulations including PCI-DSS, HIPAA/HITRUST, SOX, SOC and now the D.o.D's CMMC. Best practices and identity governance don't ensure that mistakes won't happen but can help in mitigating the frequency and loss on these accidents.