Despite everything that’s at stake, many businesses still sacrificed the security of mobile devices—and those that did were more likely to have been compromised. Expediency, including responding to the COVID-19 crisis, remains the primary reason for cutting corners.
The threats are real.
Mobile Security Index
2021 Report
Please provide the information below and then check your email for a link to view the online Verizon Mobile Security Index report.
Thank You.
Gracias.
You will soon receive an email with a link to confirm your access. When you click to confirm from your email, your document will be available for download.
If you do not receive an email within 2 hours, please check your spam folder.
Gracias.
You may now close this message and continue to your article.
The number compromised was down.
While the share of companies aware that they had suffered a mobile-related compromise was down, the severity of compromises remained high.
Just 12% of those that had suffered a compromise, less than one in eight, said that the consequences were minor. Over half (53%) said that the consequences were major. That’s actually lower than in the 2020 report, where 66% described the impact as major. But the percentage that said that the event had lasting repercussions was very similar, 33% in 2021 and 36% in 2020.
There was significant variation in the perceived severity of mobile-related compromises when broken down by industry.
Find out more.
Learn more about mobile device security threats in your industry in our set of industry-specific companion reports:
- Public safety spotlight
Find the mobile security insights first responders need today. enterprise.verizon.com/msi-public-safety - Public sector spotlight
Learn about the state of mobile security in the public sector, including local, state, and federal government and educational institutions. enterprise.verizon.com/msi-public-sector
- Public safety spotlight
Given that respondents rated the impact of compromises lower, it’s not surprising that they also thought that they were easier to remediate. But despite the improvement here, almost a third (32%) described the measures needed to put things right as “difficult and expensive.”
Almost a third (32%, down from 37% in our 2020 report) of respondents said that the compromise that they experienced was difficult and expensive to remediate.
But there is no room for complacency.
It’s more than data that’s at risk.
If you’re reading this report, and obviously you are, it’s highly likely that you have an above-average appreciation of cybersecurity risks. Way above average.
To a lay person, security compromise and data breach may be synonymous, but you know better. The exposure of sensitive data was the most common consequence of a compromise among our respondents, but it wasn’t the only one. Two-fifths (40%) said that cloud apps/systems had been compromised, and nearly as many (37%) said that credentials had been.
These were the IT consequences. Nearly all (96%) of the respondents that had experienced a mobile-related compromise faced business consequences. This includes nearly a quarter (23%) that said they had directly lost business as a result of the compromise.
The pressure to sacrifice security
Almost half of respondents admitted that their company had knowingly cut corners on mobile device security. That’s an increase from our 2020 report when the figure was 46%. The proportion rises to two-thirds (67%) in our IoT sample.
And of those remaining, 38% (27% IoT) came under pressure to do so. Another way of looking at this is that 68% came under pressure to cut corners and 72% of those succumbed.
The reasons for cutting corners were numerous, but responding to the COVID-19 crisis was the most common (48%). Organizations were forced to turn Commuters, along with many of the Tethered redirected to other roles, into Omniworkers almost overnight. And many struggled to maintain security standards.
What do companies sacrifice security for?
As we discussed earlier, expediency and convenience were the main justifications cited for sacrificing security, with COVID-19 making a special guest appearance in our 2020 dataset. In our latest survey, we asked respondents not just why they sacrificed security, but also what for. And the results weren’t what we expected.
Unsurprisingly, respondents overwhelmingly said that they prioritize security over usability.
When it comes to balancing security and manageability, there was a much more even spread. That might lead you to expect that manageability would comfortably outscore usability when the two were put head to head. But actually, respondents were more likely to say they favored usability.
This was an interesting exercise, but, in reality, security, manageability and usability go hand in hand. If security measures are too onerous on users, they will look for workarounds. If security measures aren’t manageable—or make other aspects of IT less manageable—IT may struggle to ensure compliance and consistency.
Shadow IT
Gartner defines shadow IT as “IT devices, software and services outside the ownership or control of IT organizations.”16 It came to prominence several years back when cloud-based services that could be bought (relatively) inexpensively with a credit card entered widespread use. But cloud isn’t the only driver behind the growth of shadow IT.
Mobile device management was much easier in the days when companies issued a standard model of device—often a BlackBerry—and apps were extremely limited. Today, users expect to be able to use the devices and apps that they like and think make them most productive.
The majority of respondents (85%) said that when faced with a choice between security and usability, security comes first. This can create a conflict with users. It’s little wonder then that five out of six respondents said that they are worried about the emergence of shadow IT.
With so many companies opening up systems to personal devices and relaxing restrictions on apps to cope with the effects of COVID-19, shadow IT may be more of an issue in the coming years. Once a freedom is given, it can be very difficult to take back without creating much resentment.
16Gartner, Glossary: Shadow IT.
Let's get started.
Choose your country to view contact details.
Call for Sales.
Or we'll call you.
Existing customers, sign in to your business account or explore other support options.