The majority of businesses (79 percent, to be exact) had a mobile security incident in the past year, and the costs are substantial, according to security specialist Check Point Software Technologies' second mobile security report, "The Impact of Mobile Devices on Information Security."
The new report found mobile security incidents cost 42 percent of businesses six figures, with 16 percent putting the cost at more than $500,000. Large businesses were especially hard hit, as more than half (52 percent) of large businesses reported mobile security incidents have amounted to more than $500,000 in the past year. Small to midsize businesses (SMBs) were not immune to costly mobile security incidents, however. Forty-five percent of companies with fewer than 1,000 employees saw mobile security incidents exceeding $100,000 in the past year, the survey revealed.
Despite costly mobile incidents, 63 percent of businesses do not manage corporate information on personal devices, and 93 percent face challenges adopting bring-your-own-device (BYOD) policies. More than half (53 percent) of all businesses surveyed report there is sensitive customer information on mobile devices, up from 47 percent last year.
Google's Android operating system was the mobile platform with the greatest perceived security risks. Android was cited by 49 percent of businesses as the platform with greatest perceived security risk (up from 30 percent last year), a far higher percentage than those of Apple, Windows Mobile and BlackBerry. In fact, Windows Mobile and BlackBerry both saw the number of IT professionals who viewed these platforms as the most risky decrease by almost half.
Just over two-thirds of organizations (67 percent) have devices owned personally by employees, contractors or others that connect to their corporate networks. This includes 65 percent that allow both personal and company-owned mobile devices, as well as 2 percent that have only personally owned mobile devices on their networks.
"Without question, the explosion of BYOD, mobile apps and cloud services has created a herculean task to protect corporate information for businesses both large and small," Tomer Teller, security evangelist and researcher at Check Point Software Technologies, said in a statement. "An effective mobile security strategy will focus on protecting corporate information on the multitude of devices and implementing proper secure access controls to information and applications on the go. Equally important is educating employees about best practices as a majority of businesses are more concerned with careless employees than cybercriminals."
Among companies that allow personal mobile devices, 96 percent say the number of personal devices connecting to their corporate networks is growing, and 45 percent have more than five times as many personal mobile devices as they had two years ago. Participants reported that the most common challenge IT organizations face in adopting BYOD is securing corporate information (67 percent), closely followed by tracking and controlling access to networks (63 percent).