On average, each of the organisations spent US$34 million annually on mobile app development.
Of this tremendous budget, however, only 5.5 percent is currently allocated to ensuring that mobile apps are secure against cyber-attacks before they are made available to users, while a full 50 percent of companies devote no budget to security.
The study found that many of these organisations, tending to prioritise speed-to-market and user experience, scan their mobile apps for security vulnerabilities infrequently and much too late – if at all – leaving entry points which hackers are increasingly exploiting.
These holes allow cyber-thieves to gain access to confidential business and personal data through BYOD or corporate mobile devices.
According to IBM X-Force research, in 2014 alone, over 1 billion pieces of personally identifiable information (PII) were compromised as a result of cyber-attacks.
During the creation of mobile apps, Barlow claims end user convenience is trumping end user security and privacy.
According to the study, 65 percent of organisations state the security of their apps is often put at risk because of customer demand or need, and 77 percent cite “rush to release” pressures as a primary reason why mobile apps contain vulnerable code.
Of the companies that actually do scan for vulnerabilities before deploying apps to the market, only 15 percent of them test their apps as frequently as needed to be effective.
As BYOD rises, mobile risks increase
For Barlow, BYOD has become increasingly popular, if not a necessity, for organisations.
The challenge arises when employees connect to unsecured networks or download insecure apps from untrusted sources, which leaves the device vulnerable to malware.
According to the Ponemon Institute’s findings, even apps from trusted organisations and available in traditional app stores can carry enormous risks.
According to the study, though most employees are “heavy users of apps,” over half (55 percent) state their organisation does not have a policy which defines the acceptable use of mobile apps in the workplace, and a large majority – 67 percent – of companies allow employees to download non-vetted apps to their work devices.
Additionally, 55 percent of organisations say employees are permitted to use and download business apps on their personal devices (BYOD).