Connect with us

Hi, what are you looking for?


Mobile & Wireless

Organizations Fail at Securing Regulated Data on Mobile Devices: Survey

In security, what organizations don’t know about their data that can hurt them.

In security, what organizations don’t know about their data that can hurt them.

In a new survey sponsored by mobile security provider WatchDox, the Ponemon Institute found that more than 80 percent of the 798 IT professionals surveyed did not know how much of their organization’s data is stored on cloud file sharing services or mobile devices.

In addition, most organizations did not have technical controls in place to protect regulated data on mobile devices, with 73 percent relying on manual policies and just 12 percent utilizing mobile device management technology. Only six percent used mobile digital rights management products while four percent used mobile application management tools.

“While almost every IT practitioner recognizes the risk to regulated data in their organizations, steps to understand the extent of such data on mobile devices and in the cloud are not taken,” according to the report.

“The greatest data protection risks to regulated data exist on mobile devices and in the cloud,” the report contends, observing that respondents believe the greatest areas of potential risk to regulated data within organizations are with mobile devices (69 percent of respondents), cloud computing infrastructure (45 percent of respondents) and applications (33 percent of respondents).

Still, the survey found that 59 percent of respondents said their organization permits employees to use their own devices (BYOD) to access and use regulated data. In addition, 43 percent of respondents say that their organization allows employees to move regulated data to cloud-based file sharing applications, the report notes.

The study also found that many respondents were not fully aware of the role compliance regulations should play in mobile security. For example, even though 67 percent of respondents said their organizations must comply with U.S. and state privacy and data breach laws, only 18 percent are aware that these laws specify the protection of regulated data on mobile devices, including employees’ personal devices used for work purposes.

Advertisement. Scroll to continue reading.

On average, organizations represented in the study experienced almost five mobile device-related data loss incidents in the past two years, resulting in the breach of an estimated 6,000 individual records, according to the report.  

According to the Ponemon Institute, organizations should make sure they know how much regulated data is on employee mobile devices and take steps to prevent employees from accessing data unsecurely.

 “Regulated data isn’t subject to a lower standard of protection just because it ends up on a mobile device,” said Ryan Kalember, chief product officer at WatchDox, in a statement. “This study clearly shows that IT departments must understand the risks and be more proactive to accommodate mobile productivity while still protecting the organization’s data.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.