Mobile security survey : the lack of risk awareness is the main barrier

Our team has conducted a short survey about mobile application security perceptions amongst more than 100 companies developing mobile applications. The result is impressive : one half of these companies do not secure their applications especially because of a lack of risk awareness.

 

There are many SMBEs developing mobile applications

In this survey more than 100 mobile applications specialists have given their views (developers, project managers and product managers). 80% of them work for SMBEs, mostly software companies and IT consulting companies.

sc1

sc2

 

One in two companies does invest in mobile application security

This will not surprise cybersecurity specialists, but still it is worth noting that 1 out of 2 respondent says his company is concerned by mobile application security and has a budget for it. About 30% of respondents say that their company is interested in the topic but has not invested on it yet. While about 20% of respondents say that mobile application security is not a priority or that they do not even know what it is all about.

If we consider that the simple fact of answering a questionnaire about mobile security does already show a minimum of interest for the topic (or some good will), this excludes a number of people who feel unconcerned about it. So the results of this study are very likely to be too optimistic about people’s interest for security issues.

sc3

Lack of risk awareness and lack of security skills are considered to be the main barriers

When asking people about the barriers to mobile application security, the budget does not come first. Most people say it is the lack of risk awareness (according to 55% of respondents) and the lack of security skills (according to 52% of respondents).

The supposed lenght and complexity of security projects is another reason (according to 37% of respondents) that almost comes ex-aequo with budgetary constraints (according to 39% of respondents).

sc4

 

Processing personal data does not necessarily increase security issues awareness

It is also worth noting that 78% of people who answered our questionnaire said that some applications developed by their company processes personal data.
Despite the new european regulation for personal data protection, there is much work to do for security issues to become systematically dealt with by all companies who develop applications processing personal data.

It is also important to keep in mind that even when mobile application do not store data, they can be used as doors to access a company’s servers that hosts sensitive data. This is also why they represent a security threat.

sc5

 

But the findings of this study could have been worse. It is positive that 80% of respondents have shown an interest for security, although this only reflects the views of those who accepted to answer a mobile security questionnaire.

Without any surprise, security testing (manual and/or automated) is the security solution that inspires most trust. This corresponds to SMBEs’ expectations to get concrete and easy to execute solutions to their security challenges.

 

Looking at the many security hot topics in the daily news, and also looking at the increasing number of security conferences in the digital economy events, we can bet that the problem of poor risk awareness will strongly decrease over the coming years.