Nearly 40 percent of large enterprises, including many in the Fortune 500, aren’t taking the right precautions to secure the mobile apps they build for customers, said a study by IBM Security and Ponemon Institute.
Organizations are poorly protecting their corporate and BYOD mobile devices against cyber-attacks, said the IBM study.
Malicious code is infecting more than 11.6 million mobile devices, said the Ponemon Institute and IBM Security study, which researched security practices in over 400 large organizations.
The average company tests fewer than half of the mobile apps it builds. 33 percent of companies never test their apps. 50 percent of organizations were found to devote zero budget towards mobile security.
The organizations studied, of which 40 percent are Fortune 500 companies, operate in industries which work with highly sensitive data, including financial services, health and pharmaceutical, the public sector, entertainment and retail.
Each spent an average of $34 million annually on mobile app development. Of that, 5.5 percent is currently being allocated to ensuring that mobile apps are secure against cyber-attacks before they are made available to users. 50 percent of companies devote no budget to security.
According to IBM X-Force research, in 2014 alone, over 1 billion pieces of personally identifiable information (PII) were compromised as a result of cyber-attacks.
65 percent of organizations state the security of their apps is often put at risk because of customer demand or need, and 77 percent cite rush-to-release pressures as a primary reason why mobile apps contain vulnerable code.
Of the companies that actually do scan for vulnerabilities before deploying apps to the market, 15 percent test their apps as frequently as needed to be effective.
IBM said 55 percent state their organization does not have a policy which defines the acceptable use of mobile apps in the workplace, and 67 percent of companies allow employees to download non-vetted apps to their work devices. 55 percent of organizations say employees are permitted to use and download business apps on their personal devices (BYOD).