Organizations large and small are failing to respond to the culture of employees using their own mobile devices for work and are opening up their systems to security risks. These are the preliminary findings of the 2012 Information Security Breaches Survey written by PwC in conjunction with Infosecurity Europe and supported by the department for Business, Innovation and Skills.
The survey also found that 82 percent of large organizations reported security breaches caused by staff, including 47 percent who lost or leaked confidential information. Only 39 percent of large organizations encrypt data downloaded to smartphones and tablets.
Many small businesses 54 percent and more than one-third of large organizations 38 percent don’t have a security awareness program.
While a little more than half (52 percent) of small businesses say social networking sites are important to their business, only 8 percent monitor what their staff post on those sites.
Three-quarters (75 percent) of large organizations and 61 percent of small businesses allow staff to use smartphones and tablets to connect to their corporate systems, yet only 39 percent of the larger and 24 percent of the smaller businesses apply data encryption on the devices.
A substantial 82 percent of large organizations and 45 percent of small businesses reported security breaches caused by staff. Forty-seven percent of large businesses and 20 percent of small businesses lost or leaked confidential information, showing this is not a threat they can ignore, the survey showed.
Personalization is creating new security threats, from both malicious software and data loss, the survey shows, and organizations that allow personally owned devices tend to have weaker controls than those that allow corporate devices only.
With the explosion of new mobile devices and the blurring of lines between work and personal life, organizations are opening their systems up to massive risk," said Chris Potter, PwC information security partner. "Smartphones and tablet computers are often lost or stolen, with any data on them exposed. Mobile devices can literally drill straight through your security defenses, if youre not careful."
Alarmingly, 54 percent of small businesses and 38 percent of large ones dont have any kind of program for educating their staff about security risks.