The survey reveals that less than a quarter of UK CIOs and IT managers believe that data held on mobile devices would be secure if those devices are lost or stolen. Since more than three-quarters of these same people have had to deal with lost corporate devices, and more than half of them admit that less than 10% of lost devices are ever recovered, it would be reasonable to assume that mobile security is high on the corporate agenda.
The survey reveals, however, that it is not. 45% of the respondents that allow mobile devices in the workplace do not have a password policy in place, and 41% of enterprises do not have a separate budget earmarked for mobile device security. This anomaly between understanding and action gets worse: 15% of respondents consider that device theft or loss is currently the biggest threat to corporate networks.
Gartner suggests that by the end of 2012, 50% of enterprise email users will be using browsers on mobile devices. The mobile security issue will only get worse. But what the Sophos survey highlights is that the concerns recognized by CIOs and IT managers have not yet percolated through to the enterprise itself. This could explain the lack of a mobile security budget, but does not explain the lack of policy (such as the failure to implement a password policy).
“It seems that businesses are eager to embrace the benefits of mobile technologies and the positive impact they can have on operations,” said Matthias Pankert, VP of product management data protection at Sophos, “but many have not yet got to grips with the security issues that come as a result. The survey findings demonstrate that set procedures and agreement over corporate usage are still lacking.”