Connect with us

Hi, what are you looking for?


Mobile & Wireless

Employee Resistance a Barrier to Effective Mobile Security Strategy: Report

When CSOs are asked about their top IT security concerns, mobile devices and apps almost always make the top three issues. However, a recent survey suggests security budgets don’t reflect the reality of protecting these devices.

When CSOs are asked about their top IT security concerns, mobile devices and apps almost always make the top three issues. However, a recent survey suggests security budgets don’t reflect the reality of protecting these devices.

A recent Ponemon Institute survey of 618 IT and IT security professionals sponsored by Raytheon estimated that on average, 40 percent of employees accessed business applications from personally-owned mobile devices. Despite the fact that mobile devices are ubiquitous in the workplace, 64 percent of survey respondents said they don’t have sufficient funding to protect their networks and data from mobile threats such as malware infections and user negligence.

The report estimated that spending $278 per device would be considered adequate, although actual spending varied wildly be the size of the organizations. Organizations with more than 75,000 employees spent an average of $98 per device on security, compared to organizations with less than 250 employees, which spent $633 per device, the survey found. Some of the discrepancy may be due to economies of scale of more devices. The typical organization in the study managed an average of almost 20,000 mobile devices, and this number is expected to increase to an average of 28,000 mobile devices over the next year.

About 48 percent of the responders said the biggest driver for bring-your-own-device initiatives was to ensure employees were always connected. The problem with getting everyone connected is that security appears to be taking a backseat to convenience. More than half, or 56 percent, of respondents said employee resistance was the biggest barrier to an effective mobile security strategy.

Based on that finding alone, it should be no surprise that 52 percent of the survey respondents said they had to scale back on the security protections used on mobile devices in order to boost employee productivity. Not surprising, but still disheartening.

“This survey points to the fact that there is a struggle to find the right balance between the cyber security needs of an organization and the efficiencies demanded by employees to do their jobs,” Ashok Sankar, senior director of product management and strategy at Raytheon Cyber Products, said in a statement.

It doesn’t help that nearly 60 percent of the respondents said employees are less diligent about being secure on their devices.

Advertisement. Scroll to continue reading.

Mobile device management and secure containers are the two most popular methods of mobile device protection, but they are not sufficient to combat existing threats, according to the survey. In fact, 75 percent of IT security professionals said it was important to secure mobile devices, but only half of the respondents said they were satisfied with the mechanisms currently in place.

More than half, or 57 percent, of the respondents said they prefer a virtualized approach, which would prevent data from being stored on the device in the first place. A little more than two-thirds of respondents, or 67 percent, also said they prefer to deliver mobile services via the Web rather than native apps.

“Mobile devices are becoming a dominant workplace tool, and organizations must adopt a mobile strategy with data security technologies that enable employees to work effectively without putting sensitive information at risk,” Sankar said.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.