Unauthorized Access to Employee Mobile Devices Leads to More Than Half of Organizations Experiencing a Data Breach, New Report Finds

Research conducted by Imprivata and Ponemon Institute finds 28% of IT and IT security practitioners say their organizations can secure devices and access to data, while less than half cite satisfaction with the access experience

Waltham, Mass. — Imprivata, the digital identity company for life- and mission-critical industries, and Ponemon Institute, unveiled new research that highlights security, financial, and operational consequences associated with existing enterprise-owned mobile device programs. The findings, detailed in a new report titled Unlocking the Cost of Chaos: The State of Enterprise Mobility in Life- and Mission-Critical Industries, show the costly reality: Without effective tools or a unified strategy, organizations experience significant challenges when implementing mobile devices.

While mobile devices have become crucial for advancing modern business operations, the findings indicate that just 28% of IT and IT security practitioners believe their programs and strategies can secure mobile devices and access to sensitive and confidential data. Moreover, employee usability has notable room for improvement, with just 31% citing ease of access to applications and data on shared devices. Repetitive, manual authentication is a common challenge, as is employee downtime due to devices that are unusable – with an average of 872 hours lost each week.

“Despite adopting mobile devices to enhance productivity, current access management and cybersecurity strategies are falling short,” said Fran Rosch, CEO at Imprivata. “And while all organizations are vulnerable to breaches that disrupt productivity and lead to financial loss, those in high-stakes industries often suffer dire consequences such as poor patient outcomes or the inability to deliver critical goods and services. This research comes at a crucial time for increasingly mobile industries like healthcare, retail, and manufacturing, to understand the challenges and optimize their significant investments in mobile technology.”

One of the more costly challenges revealed in the report involves dealing with lost mobile devices. Of the nearly 40,000 used by employees represented in this research, an average of 16% are lost each year, costing organizations an approximate $5.45 million annually. This does not factor in the costs of IT security and help desk support or diminished productivity and idle time, which add another $1.4 million, on average, every year.

Other key findings indicate:

  • User productivity would improve with remote mobile management. The process for maintaining and managing mobile devices takes place onsite all, or part of the time, for 67% of respondents – an inefficiency that needs addressing in the age of hybrid and remote work.

  • Many organizations’ strategies are failing to secure devices without creating usability issues. Sensitive data on mobile devices is vulnerable, with less than half (47%) of respondents citing their organizations secure vulnerable apps and just 40% saying they can protect data and privacy by locking down devices between each use. Moreover, just 40% say their programs enable quick access to mobile applications without repetitive, manual authentication.

  • No single industry is leading the charge on access management. Only 45% of respondents in industries including healthcare, manufacturing, and retail say their organizations are highly effective in protecting sensitive data on lost devices. Of all industries, healthcare spends the most on IT security support, totaling $750,270 annually. Healthcare organizations are also more severely impacted by diminished productivity or idle time when mobile devices are lost, with the average annual cost totaling $719,120.

  • All countries consider it very difficult to maintain access controls on shared devices. Sixty percent of IT and IT security practitioners in the UK and Germany cite a high degree of difficulty with access management, while 59% of those in the US agree.

“Today’s workforce demands flexibility and untethered access to data and tools from anywhere, at any time. However, this research shows current enterprise mobility strategies may be more of a hindrance than a help to many organizations and their employees,” said Joel Burleson-Davis, Senior Vice President of Worldwide Engineering, Cyber at Imprivata. “Organizations should start by conducting a readiness audit, designating responsibility of their mobile device strategies and programs to a key stakeholder such as the CIO or CTO, and then move ahead with implementing a robust access management strategy that optimizes security with usability. Only then can they win the trifecta of security, productivity, and financial sustainability.”

The study was conducted by Ponemon Institute on behalf of Imprivata and includes responses from 1,795 IT and IT security practitioners across the United States (604), the United Kingdom (364), Germany (584), and Australia (243) who are familiar with their organizations’ strategy for mobile workflow requirements and security practices.

View the complete findings in the report, Unlocking the Cost of Chaos: The State of Enterprise Mobility in Life- and Mission-Critical Industries.

About Imprivata

x Brown

About The Author