Armonk, N.Y. – Mobile app use continues growing rapidly, but businesses are not keeping pace with security. According to new research from IBM and Ponemon Institute, nearly 40% of more than 400 large companies studied, including many in the Fortune 500, aren’t taking the right precautions to secure the mobile apps they build for customers.
The study also found organizations are poorly protecting their corporate and bring-your-own-device (BYOD) mobile devices against cyberattacks – opening the door for hackers to easily access user, corporate and customer data.
The average company tests fewer than half of the mobile apps it builds. Also, 33% of companies never test their apps – creating a plethora of entry points to tap into business data via unsecured devices. Fifty percent of these organizations were found to devote zero budget towards mobile security.
The organizations studied each spent an average of $34 million annually on mobile app development. Of this tremendous budget, however, only an average of $2 million – or 5.5% – is currently being allocated to ensuring that mobile apps are secure against cyberattacks before they are made available to users.
In addition, 65% of organizations state the security of their apps is often put at risk because of customer demand or need, and 77% cite “rush to release” pressures as a primary reason why mobile apps contain vulnerable code. Of the companies that actually do scan for vulnerabilities before deploying apps to the market, only 15% test their apps as frequently as needed to be effective.
Furthermore, although most employees are “heavy users of apps,” more than half (55%) state their organization does not have a policy that defines the acceptable use of mobile apps in the workplace, and 67% of companies allow employees to download non-vetted apps to their work devices. Additionally, 55% of organizations say employees are permitted to download and use business apps on their personal devices (BYOD).