Firms Face £18 Million Bill for Mobile Data Breaches

Over 60% of the world’s biggest organizations have had a data breach resulting from employees trying to access sensitive information via their mobile devices, potentially costing them over £18 million each, according to Lookout.

The mobile security vendor commissioned the Ponemon Institute to interview 588 IT and security leaders at Global 2,000 companies, in order to compile The Economic Risk of Confidential Data on Mobile Devices in the Workplace study.

It found that a surprisingly high number (67%) claimed to have been breached because of the use of mobile devices, resulting in an economic risk estimated at £18.2m – including factors such as reputation damage, clean-up costs, non-compliance etc.

On average, 3% of mobile devices in the enterprise are infected with malware at any one time, but surprisingly over one-third of respondents (35%) said they didn’t take any defensive measures to secure data, like encryption or anti-malware.

The report also revealed a worrying disparity between IT’s perception of the level of mobile use internally and the reality. For example, IT believes that 19% of staff can access customer records via mobile while 43% of employees say they actually have access to that data.

Lookout’s EMEA VP, Gert-Jan Schenk, argued that IT needs to do more to improve mobile security and control.

“Despite the increased access of corporate data on mobiles, the majority of organizations are not providing guidelines for employees’ access or storage of company data. Only 41% of respondents say their organization has a policy that specifies the types of company data that employees can or cannot access with mobile devices and only 30% of respondents say there is a policy specifying the types of company data that can be stored on their mobile devices,” he told Infosecurity.

“In general, companies need to do a combination of things to better secure their corporate data and networks on mobile. This includes setting policy around which data can be accessed, by whom and where. It also means utilizing more comprehensive protection technologies and solutions.”
