Some 27% of executives with responsibility for their organization’s mobile devices said their firm had experienced a security incident in the past year involving the loss of data or system downtime in which mobile devices played a key role, according to new findings from Verizon Communications Inc.
In addition, 32% of respondents admitted to sacrificing mobile security in order to improve “expediency and/or business performance,” a report about the Mobile Security Index 2018 survey from the New York City-based phone giant says.
For the study, Verizon commissioned an independent research firm to survey in 2017’s second half more than 600 professionals in charge of procuring or managing mobile phones, tablets or related devices at their organizations, which had 250 to more than 10,000 employees. Some 83% of respondents were based in the U.S. and rest were in the U.K., and they came from a wide variety of industries. Half the organizations studied had 1,000 or more mobile devices in use, and 22% had 5,000 or more.
There clearly was a cost for sacrificing security: the corner-cutters were 2.4 times more likely to sustain loss of data or system downtime than those that didn’t. Among the companies that admitted to doing so, 45% had suffered had a security incident or downtime, Verizon said. Among the 68% that hadn’t, only 19% had similar incidents.
Some 25% of respondents in the financial-services industry had experienced a “mobile-related incident,” the report says, adding that 18% had suffered “a major one with lasting repercussions.”
Protecting payment card data ranked only eighth among the 10 types of information Verizon asked the managers about which they were concerned. Card data was cited by only about 35% of the respondents. Protecting sensitive internal information, classified company information, and financial information were the top three types, all getting citations from nearly 50% of the respondents. About 37% of respondents said they were concerned with protecting bank account data, good for sixth place.
Verizon said financial-services firms were the most likely among the industries surveyed to agree that the Internet of Things is the greatest security threat facing organizations. Some 93% of respondents in that sector agreed, with 19% strongly agreeing.
In other findings, 39% of respondents in organizations that use employee-owned devices ranked them as their No. 1 concern, and 76% ranked them among their top three concerns. On a related note about the bring-your-own-device trend, only 61% of organizations surveyed own all the mobile devices used for work tasks at their firms.
“Who owns the device is of less concern than who controls it,” the report says. “If it’s employee-controlled, the company may not be able to enforce security measures like data encryption and anti-virus protection or ensure that patches and updates are applied. This can create serious security gaps that may be exploited by cybercriminals.”