Organizations are aware of the “serious and growing security threat” that mobile devices present in business, and yet many of them admit that they’re not doing enough to lessen the risks, according to Verizon’s Mobile Security Index 2018 report.

For 32% of organizations, mobile security takes a back seat to what Verizon called “expediency and business performance”. This is despite the fact that cyberattacks targeting mobile devices, smartphones in particular, have become all too common in our increasingly mobile world.

However, the sacrificing of mobile security comes at a cost. Businesses that had done so were over two times more likely to have suffered data loss or downtime (45%) than those that had made security their top concern (19%).

The study surveyed over 600 professionals in the United States and the United Kingdom who are involved in purchasing and managing mobile devices for their organizations.

Concerns and precautions

Only one in seven organizations have put in place all four basic cybersecurity practices specified by Verizon – changing all default passwords, encrypting data transmitted over public networks, granting employee access on a need-to-know basis, and testing security systems regularly.

Only four in ten change all default passwords and use two-factor authentication on their mobile devices. One-half don’t have a policy for employees’ use of public Wi-Fi. A mere one-third of the organizations use mobile endpoint security and less than one-half said that they use device encryption.

"Securing the multitude of mobile devices that connect to public and private networks and platforms is paramount for protecting corporate assets and brand integrity," said Verizon senior vice president Thomas Fox.

There was almost universal agreement among the respondents that organizations should take mobile security more seriously. However, most organizations (62%) feel that better mobile security may be hampered by a lack of understanding of specific threats and solutions.

Employee misuse, whether driven by malicious intent or caused by inadvertent error, is seen as a significant cyber-hazard by almost 80% of the organizations.

The same percentage voiced greater concern about disruption of their business operations caused by security incidents than about data theft.

Nearly 40% of organizations that allow employees to bring their own smartphones and tablets to work view this trend, known as “bring your own device (BYOD)”, as the source of their top concern.

Lest we forget: three in four respondents anticipate that the risks will intensify further during the next year.