Two thirds of organizations surveyed for a recent report said they suffered a data breach that resulted from employees using mobile devices to access confidential company information, according to the San Francisco-based security firm Lookout and Traverse City, Mich.-based Ponemon Institute.

The companies said an average of 3% of employees' mobile devices are infected with malware at any point in time, which equals more than 1,700 mobile devices in a typical organization that connect to an enterprise network every day. A mobile data breach could therefore cost enterprises more than $26 million, according to the report, titled, "The Economic Risk of Confidential Data on Mobile Devices in the Workplace."

The report, based on responses from 588 IT and security leaders, also revealed mobile devices could be a critical part of any cyberattack. The study examined the risk introduced by employees accessing increasing amounts of corporate data via their mobile devices and assigned a cost to a mobile-related breach.

It found that for an enterprise, the economic risk of a mobile data breach includes direct operational costs, as well as a potential maximum loss from non-compliance and reputational damage. It also found that mobile data breaches are more common than previously thought.

Another key issue revealed by the report is that IT and security leaders grossly underestimate just how mobile their employees have become.

For example, customer records are some of the most at-risk types of data: On average, IT executives believe 19% of employees can access customer records via mobile devices, while 43% of employees say they can. With mobile data breaches happening at the majority of enterprises today, this visibility gap introduces an unacceptable risk, according to the report.

"As the Lookout/Ponemon research shows, employees are dragging companies into the mobile era," Aaron Cockerill, vice president of products for Lookout, said. "In 2016 and beyond, enterprises need to focus on introducing mobile security measures that safely enable productivity on mobile devices, rather than stop people from working the way they want to."

Other key findings from the report included the following:

  • Fifty-six percent of data accessible on PCs is also accessible on mobile devices.
  • Mobile data access is projected to increase by at least 50% in the next two years.
  • An average enterprise spent up to $16.3 million per year, or $9,485 per infected device, to investigate, contain and remediate mobile, malware-based attacks.       
  • An average enterprise investigated and triaged only 26% of devices, meaning there are more than 1,200 infected, but overlooked, devices in an enterprise at any given time.
  • Only 36% of respondents said their organization is vigilant in protecting sensitive or confidential data stored on or accessed by employees' mobile devices. 
NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).