IT | Security

Enterprise Workers Believe "Security Is Not My Responsibility"

By: Absolute Editorial Team | 3/5/2014

Absolute Software just released the results of the 2013 Mobile Enterprise Risk Survey, which polled workers in companies with 1,000 or more employees who use mobile phones for work, touching on companies in a variety of industries on the state of BYOD, security awareness and compliance. The survey showed that employee attitudes towards mobile security is introducing an unnecessary amount of risk into the enterprise.

In our US survey, which interviewed 750 workers, we found that mobile use guidelines are, and will continue to be, a challenge for IT. With 63% of respondents indicating their work phone doubles as a personal phone, with work functions ranging from work email, work contacts, login details for corporate accounts, work files and work-related apps.

Despite the amount of corporate data stored on mobile phones, along with access to corporate networks or apps, many employees believe the corporate data on their phones is worth very little. When a data breach could result in fines in the millions of dollars, it's clear that employees do not understand the value of the data on their phones.

If firms don't set clear policies that reflect the priority of corporate data security, they can't expect employees to make it a priority on their own.

Key findings from the US 2013 Mobile Enterprise Risk Survey

  • It's not my problem - 25% of American enterprise workers surveyed said there should be no punishment if they leak or lose company data since data security is 'not their responsibility'
  • It’s not a big deal - While 75% of respondents felt that they should face some penalty if they lost corporate data, many of those who had lost a device with work data on it said their punishment ranged from 'nothing' (34%) to simply having to replace the device (30%) or getting a 'talking to', but nothing else (21%)
  • I didn’t know - 23% of respondents indicated that they don't know their company’s procedure for dealing with work device loss or theft. 10% believe that their employer isn't looking to introduce a procedure for the loss or theft of work devices.
  • It can’t happen to me again - 35% of respondents who had lost their mobile phones stated that they did not change their security habits afterwards
  • It’s just a phone - 59% of enterprise mobile users estimated their corporate data to be worth less than $500

As our findings show, workers have a lax attitude toward securing their devices, paired with an inaccurate perception of the value of the data on their devices. When compliance fines in the half million dollar range are being levied due to data loss, it's clear that companies need to do a better job articulating clear mobile policies to employees.

Download the findings from the Absolute Software US 2013 Mobile Enterprise Risk Survey, or read our press release. Also check out the 2013 Mobile Enterprise Risk Survey for the UK and the 2013 Mobile Enterprise Risk Survey for Germany. Join the discussion on these results on Twitter #mobilerisk.