Our team has conducted a short survey about mobile application security perceptions amongst more than 100 companies developing mobile applications. The result is impressive : one half of these companies do not secure their applications especially because of a lack of risk awareness.
There are many SMBEs developing mobile applications
In this survey more than 100 mobile applications specialists have given their views (developers, project managers and product managers). 80% of them work for SMBEs, mostly software companies and IT consulting companies.
One in two companies does invest in mobile application security
This will not surprise cybersecurity specialists, but still it is worth noting that 1 out of 2 respondent says his company is concerned by mobile application security and has a budget for it. About 30% of respondents say that their company is interested in the topic but has not invested on it yet. While about 20% of respondents say that mobile application security is not a priority or that they do not even know what it is all about.
If we consider that the simple fact of answering a questionnaire about mobile security does already show a minimum of interest for the topic (or some good will), this excludes a number of people who feel unconcerned about it. So the results of this study are very likely to be too optimistic about people’s interest for security issues.
Lack of risk awareness and lack of security skills are considered to be the main barriers
When asking people about the barriers to mobile application security, the budget does not come first. Most people say it is the lack of risk awareness (according to 55% of respondents) and the lack of security skills (according to 52% of respondents).
The supposed lenght and complexity of security projects is another reason (according to 37% of respondents) that almost comes ex-aequo with budgetary constraints (according to 39% of respondents).
Processing personal data does not necessarily increase security issues awareness
It is also worth noting that 78% of people who answered our questionnaire said that some applications developed by their company processes personal data.
Despite the new european regulation for personal data protection, there is much work to do for security issues to become systematically dealt with by all companies who develop applications processing personal data.
It is also important to keep in mind that even when mobile application do not store data, they can be used as doors to access a company’s servers that hosts sensitive data. This is also why they represent a security threat.
But the findings of this study could have been worse. It is positive that 80% of respondents have shown an interest for security, although this only reflects the views of those who accepted to answer a mobile security questionnaire.
Without any surprise, security testing (manual and/or automated) is the security solution that inspires most trust. This corresponds to SMBEs’ expectations to get concrete and easy to execute solutions to their security challenges.
Looking at the many security hot topics in the daily news, and also looking at the increasing number of security conferences in the digital economy events, we can bet that the problem of poor risk awareness will strongly decrease over the coming years.