The disconnect between perceived and actual mobile security
Please provide the information below to view the online Mobile Security Index Report.
Thank you.
You will soon receive an email with a link to confirm your access, or follow the link below.
Thank you.
You may now close this message and continue to your article.
- 2024
- Introduction
- Modern work, enabled by mobile
- IoT—everything, everywhere, all at once
- IoT use is especially high in critical infrastructure sectors
- IoT security risks: Amplified in critical infrastructure sectors
- All sectors perceive increased mobile and IoT risk
- Breach risks and impacts are high, especially in critical infrastructure
- Shadow IT: A looming security challenge
- Emerging AI cyberthreats meet new AI defenses
- The disconnect between perceived and actual mobile security
- Critical infrastructure sectors have specific considerations
- Mobile security awareness and solution investments are rising
- IoT security is also making strides
- But IoT security gaps remain
- More to do. More that can be done.
- The call to arms: Move faster
- Appendices
- Contributors
- Download the full report
Despite rising concerns about everything from breach risks to mobile-driven attacks and potential AI threats survey data leads us to believe that the extent of concern shown by respondents often doesn’t seem to match the risks.
A false sense of security
Respondents report high levels of confidence in their mobile defenses across a number of areas. For instance, they expressed a great deal of faith that current mobile device security measures are effective, with 96% asserting that their defenses are at least somewhat effective. This confidence stands in stark contrast to rising reported breach rates.
This confidence stands in stark contrast to rising reported breach rates.
67%
say current mobile device security measures were very effective.
53%
have experienced a security incident involving a mobile or IoT device that resulted in data loss or downtime.
Compromised? No problem.
Another area where respondents express high levels of confidence was in their ability to recover quickly from a breach incident.
This, too, is at odds with what respondents said about their actual incident experiences.
51%
are very confident in their ability to quickly recover from a mobile-related compromise.
38%
report that an organizational security incident involving a mobile or IoT device had a major impact—financial or reputational—on their organization.
75%
of those that experienced a mobile- or IoT-related incident say remediation was not simple or cheap.
Underlying unease
Despite a professed confidence in their ability to protect against mobile-based threats and recover from incidents, respondents also simultaneously cite persistent mobile security worries. Almost half believe end users are complacent about data privacy and security, oblivious to the dangers of credential theft, and tend to exercise poor security hygiene.
89%
of respondents believe organizations need to take mobile device security more seriously.
85%
of respondents believe mobile-related security risks have increased or significantly increased over the past year.
Lack of visibility and control
Part of the problem could be that respondents simply don’t know what they don’t know. With the proliferation of shadow IT, little centralized IT oversight of IoT projects and many employees taking a choose-your-own-adventure approach to home and public Wi-Fi connectivity, security stakeholders face a daunting challenge in accurately assessing the risks.
63%
of respondents do not centrally coordinate IoT projects.
53%
report that IT does not have oversight of IoT projects.
87%
say they are at least somewhat worried about shadow IT.
55%
have no formal disaster recovery plan in place.
41%
lack organization wide security policies.