Kaspersky Lab Survey shows employees are slow to report stolen mobile devices

A Kaspersky Lab survey of global IT security professionals has found that as the rate of stolen mobile devices has increased, the average time for IT departments to respond to this security threat has also grown. The cause of this delay is employees becoming slower to notify their employers of missing devices, with only half of employees globally reporting theft quickly. Across businesses that experienced mobile device theft, 19% said the device theft resulted in the loss of business data, meaning businesses have approximately a one-in-five chance of losing data if a corporate mobile device is stolen.

After receiving input from thousands of IT security managers around the world including the GCC as part of the company’s 2014 IT Security Risks survey, Kaspersky Lab can report that more than one-third of employees (38%) take up to two days to notify their employers of stolen mobile devices, and 9% of employees wait three – five days. The percentage of employees who notified their employers the same day the incident occurred decreased from 60% to 50% from 2013 to 2014. This delay can create a significant window of vulnerability and makes the loss of sensitive business data more likely.

The survey also found that the rate of mobile device theft overall has continued to climb over the years, with8.6% 25% of companies in the GCC experiencing the theft of a mobile device in 2014, an increase from the 5% reported in 2011. However, as stolen devices become more common, employees appear to be responding more slowly, with only half of employees in 2014 reported a stolen device on the same day the incident occurred. The growing prevalence of stolen mobile devices may be a contributing factor to employee apathy, since a stolen smartphone might now be seen as a somewhat common occurrence, and not a rare crisis that demands attention.

The rate of mobile device theft varied significantly across regions. The Middle-East reported the lowest rate of mobile device theft by far, with 8% of businesses reporting an incident, followed by 15% in Japan and Russia.

Given this rising rate of device and data theft surrounding mobile devices, it should come as no surprise that 57% of survey respondents in the GCC indicated they are “more concerned about mobile” than in previous years. In fact, 57% went further, saying that “mobile working patterns introduce too much risk”, despite the obvious productivity benefits these devices can bring to the business. Another 53% believe that “BYOD (Bring Your Own Device) mobile policies present an increased security risk” for businesses.

Meanwhile mobile device usage rate continues to grow. More than one-third (35%) of survey respondents in the GCC listed “the integration of mobile devices” as one of their top concerns during the past 12 months.

This leaves IT managers dealing with multiple security challenges associated with a mobile workforce, and as the demand for mobility increases, users appear to be less engaged in helping secure mobile platforms. This is a tough set of circumstances that requires a well-planned security policy and the right security technology.

A mobile device management (MDM) policy that integrates within existing endpoint security software can be a huge value to IT managers trying to stay ahead of mobile security challenges. By keeping an MDM policy managed through the same console as other endpoint security software, IT managers can enforce policies customized to each individual employee, including “containerization” that keeps business information on mobile devices encrypted and separated from personal data on employee-owned devices. Fully-equipped MDM software also provides a variety of anti-theft measures, including the ability to remotely delete business data from stolen devices. Kaspersky Lab’s mobile security solutions include these and more features and are available as a separate product or within the flagship Kaspersky Endpoint Security for Business platform.