The threats are real.

Despite everything that’s at stake, many businesses still sacrificed the security of mobile devices—and those that did were more likely to have been compromised. Expediency, including responding to the COVID-19 crisis, remains the primary reason for cutting corners.

While the share of companies aware that they had suffered a mobile-related compromise was down, the severity of compromises remained high.

Almost half of respondents admitted that their company had knowingly cut corners on mobile device security. That’s an increase from our 2020 report when the figure was 46%. The proportion rises to two-thirds (67%) in our IoT sample.

And of those remaining, 38% (27% IoT) came under pressure to do so. Another way of looking at this is that 68% came under pressure to cut corners and 72% of those succumbed.

The reasons for cutting corners were numerous, but responding to the COVID-19 crisis was the most common (48%). Organizations were forced to turn Commuters, along with many of the Tethered redirected to other roles, into Omniworkers almost overnight. And many struggled to maintain security standards.

As we discussed earlier, expediency and convenience were the main justifications cited for sacrificing security, with COVID-19 making a special guest appearance in our 2020 dataset. In our latest survey, we asked respondents not just why they sacrificed security, but also what for. And the results weren’t what we expected.

Unsurprisingly, respondents overwhelmingly said that they prioritize security over usability.

When it comes to balancing security and manageability, there was a much more even spread. That might lead you to expect that manageability would comfortably outscore usability when the two were put head to head. But actually, respondents were more likely to say they favored usability.

This was an interesting exercise, but, in reality, security, manageability and usability go hand in hand. If security measures are too onerous on users, they will look for workarounds. If security measures aren’t manageable—or make other aspects of IT less manageable—IT may struggle to ensure compliance and consistency.

Shadow IT

Gartner defines shadow IT as “IT devices, software and services outside the ownership or control of IT organizations.”¹⁶  It came to prominence several years back when cloud-based services that could be bought (relatively) inexpensively with a credit card entered widespread use. But cloud isn’t the only driver behind the growth of shadow IT.

Mobile device management was much easier in the days when companies issued a standard model of device—often a BlackBerry—and apps were extremely limited. Today, users expect to be able to use the devices and apps that they like and think make them most productive.

The majority of respondents (85%) said that when faced with a choice between security and usability, security comes first. This can create a conflict with users. It’s little wonder then that five out of six respondents said that they are worried about the emergence of shadow IT.

With so many companies opening up systems to personal devices and relaxing restrictions on apps to cope with the effects of COVID-19, shadow IT may be more of an issue in the coming years. Once a freedom is given, it can be very difficult to take back without creating much resentment.

¹⁶Gartner, Glossary: Shadow IT.