us mobile enterprise risk survey 2013
Post on 18-Oct-2014
76 views
DESCRIPTION
This survey was undertaken by Absolute Software to explore and understand current attitudes toward data security, privacy and responsibility as it relates to employer-owned mobile devices.TRANSCRIPT
2013 US Mobile Enterprise Risk Survey Summary Report
November 2013
Objectives & Methodology
Objective • Explore and understand attitudes toward data security, privacy and
responsibility as it relates to employer-owned mobile devices.
Methodology • From November 15 to 29, 2013, an online survey was conducted
among 750 US adults age 18+ who have a mobile phone for work purposes, and work for a company with 1000 employees or more. Any discrepancy in or between totals is due to rounding.
• Note that bases of less than 100 are used with caution, and bases of less than 30 are not reported on.
2
2013 US Mobile Enterprise Risk Survey Summary Report
October December
Work Phone Data
Work Phone Ownership
Base: Respondents that use the same phone for work or personal use (n=696) Q5b. Is your work mobile phone the same as your personal mobile phone? Base: All Respondents (n=750) Q5c. Who owns your work mobile phone?
Yes 63%
No 38%
4
Work Phone same as Personal
Phone Ownership
Nearly two-thirds have a phone that doubles as a personal as well as a work phone. Just over half personally own their work phone, while the rest use a phone owned by their employer.
I own it 58%
My employer owns it
42%
Amount of Personal Private Data on Work Phone
Base: All Respondents (n=750) Q18. How much of what's on your work mobile phone would you consider 'private' (for your eyes only)?
29%
24%
17%
10%
20%
Nothing is private
Just a couple things
About half
More than half
Everything on my mobilephone is private
5
Nearly three quarters (71%) of respondents feel that at least some of their data on their work phone is for their eyes only.
Replaceable Data on Your Work Phone
Base: All Respondents (n=750) Q19. How much of what's on your work mobile phone would you say can be replaced?
6%
8%
17%
34%
35%
I cannot replace anything on mymobile phone
I cannot replace most of what'son my mobile phone
I can replace about half of what'son my mobile phone
I can replace most of what's onmy mobile phone
I can replace everything on mymobile phone
6
Most (94%) of respondents feel at least some portion of their work phone data is replaceable, and a third (35%) feel that everything on their phone is replaceable.
Importance of Information on Your Work Phone
Base: All Respondents (n=750) Q12. Thinking about the following types of information on your work mobile phone, which one would you want to protect the most?
12%
18%
14%
16%
9%
10%
10%
5%
2%
2%
2%
15%
14%
15%
10%
11%
10%
7%
8%
4%
4%
2%
15%
8%
10%
10%
14%
11%
9%
12%
5%
4%
3%
41%
40%
39%
36%
34%
31%
26%
25%
11%
10%
7%
Work email
Personal contacts
Work contacts Login details for corporate
portals and platforms Work files
Personal email
Photos
Work applications / portals
Notes
Social media account data
Music Ranked 1st Ranked 2nd Ranked 3rd
7
Email and contacts emerge as the most important information stored on a work phone, with four in ten respondents ranking them in the top three. Personal and work contacts are rated equally important. Login details for work are also ranked as important by about a third (36%) of respondents.
Worth of Data on Your Work/Personal Phones
Base: All Respondents (n=750) Q16. What do you think the corporate data on your work mobile phone is worth? Q17. What do you think the personal data on your work mobile phone is worth?
59%
13%
10%
18%
$0 to under $500
$500 to under$1000
$1000 to under$3000
$3000+
Corporate Data
60%
12%
8%
5%
16%
$0 to under $500
$500 to under$1000
$1000 to under$3000
$3000+
Priceless
Personal Data
8
Over half (59%) consider the worth of the corporate data on their phone to be less than $500. Personal data is rated the same, with 60% considering their personal data to be worth less than $500.
2013 US Mobile Enterprise Risk Survey Summary Report
October December
Work Phone Security
10
Nearly all (94%) respondents characterize their workplace as at least moderately secure, with 61% saying they consider their security strict.
Security Culture of Workplace
Base: All Respondents (n=750) Q13. How would you describe the security culture of your workplace?
6%
32%
61%
Lax:We don't have any formal policies and
don't worry about it.
Moderate:We have policies but not everyone
knows or is forced to follow them
Strict:We have clear policies that are
enforced
Formal Company Procedure for Lost Work Phones
Base: All Respondents (n=750) Q9. Does your company have a formal procedure for when a device is lost?
44%
18%
10%
6%
23%
Yes, and it is communicated to allemployees
Yes, but it is not clearly communicatedto all employees
No, we don't have a formal policy andare not looking to introduce one
No, we don't have a formal policy, butthey are looking to introduce one
I don't know
11
Nearly two-thirds (62%) report that their company has a policy for lost phones, although nearly a quarter (23%) report ignorance of company policy.
Penalty for Employer Leaking Your Personal Data
Base: All Respondents (n=750) Q14. From the following list, what penalty do you feel is appropriate if your employer leaks your personal data?
6%
22%
62%
10%
Nothing, I don't care if my employershares my data freely
They should be fined but there shouldbe no legal action
They should be fined and face legalcharges
They should be prevented fromcontinuing business
12
Nearly three-quarters (72%) of respondents feel that an employer should face harsh penalties for leaking personal data. 94% agree that there should at least be some ramifications for doing so.
Appropriate Penalty for You Losing Company Data
Base: All Respondents (n=750) Q15. Of the following, what penalty do you feel is appropriate if you personally lose/leak company data?
38%
25%
20%
11%
6%
My access to restricted data should berevoked or restricted and monitored
Nothing, data security isn't myresponsibility
I should be punished by my employer(demotion, reassignment, docked pay)
I should be fired
I should pay fines from my employer orlevied against my employer
13
Three-quarters (75%) of respondents feel that they bear some responsibility for company data, and should face penalties for losing any. Interestingly, one quarter (25%) feel that data security is not their responsibility.
2013 US Mobile Enterprise Risk Survey Summary Report
October December
Losing a Work Phone
Lost/Stolen Work Phones
86%
12%
2%
1%
0
1-2
3-4
5+
Number Lost
44%
37%
11%
7%
2%
Immediately
Within 4 hours
Between 4-8 hours
Longer than 8 hours
Can't remember
When Realized Lost
15
The majority of respondents (86%) report that they have never lost a work phone. Of those that have, nearly all (81%) report being quick to realize it was lost.
Base: All Respondents (n=750) Q6. How many work mobile phones have you lost or had stolen? Base: Have lost or had a work phone stolen (n=105) Q7. How long did it take you to realize you lost your work mobile phone?
Actions After Losing a Work Phone
Base: Not had work mobile phone lost or stolen (n=645) Q8. Of the following, which action are you most likely to take first when a work mobile phone is stolen or lost? Base: Have lost or had a work phone stolen (n=105) Q8b. Of the following, which action did you take first when your work mobile phone was stolen or lost?
32%
22%
14%
10%
9%
7%
5%
Contact IT
Contact service provider
Utilize my tracking service to locate my device
Get a new device
Change personal account passwords
Change work account passwords
None of these
Action Most Likely to Take if Lost/Stolen
29%
25%
16%
11%
8%
4%
8%
Contact service provider
Contact IT
Get a new device
Utilize my tracking service to locate my device
Change work account passwords
Change personal account passwords
None of these
Action Taken When Lost/Stolen
16
Of those that have not lost a work phone, over half (55%) report that their first response would be either to contact IT or their service provider upon losing a phone. The story is similar amongst those that have lost a phone, with 53% indicating that their first reaction is to notify IT or their service provider.
Changed Security Habits
Base: All Respondents (n=750) Q10. Have you changed your security habits (i.e., updating passwords frequently) after going through a device loss, theft or hearing about one?
Yes 43%
No 57%
17
Over half of respondents (57%) indicate that they have not changed their security habits.
Penalty When Losing a Work Phone
Base: Not had work mobile phone lost or stolen (n=645) Q11. Of the following, what do you think the penalty would be to you individually if your work mobile phone was lost or stolen? Base: Have lost or had a work phone stolen (n=105) Q11b. Of the following, what was the penalty when your work mobile phone was lost or stolen?
29%
27%
13%
11%
9%
28%
7%
I would have to replace thedevice
I would get a talking-to, butnothing else
Workplace sanctions
I'd be at risk of a financialfine
My job would be at risk
Nothing
None of these
Penalty if Lost/Stolen
30%
21%
16%
13%
12%
34%
3%
I had to replace the device
I got a talking-to, but nothingelse
Workplace sanctions
I had to pay a financial fine
My job was at risk
Nothing
None of these
Penalty When Lost/Stolen
18
About half (55%) of respondents who have not lost a phone, feel that they would have minor repercussions such as having to replace a lost phone. Of those who have lost a phone, the story is similar, with 51% reporting the same. In both cases, close to a third (28% to 34%) reported no repercussions expected or experienced for a loss.
Amount of Time to Restore Settings on Your Mobile Phone
Base: All Respondents (n=750) Q20. How long do you estimate it would take to restore all the settings, apps, and content on a new work or personal mobile phone if your device was lost or stolen?
30 minutes or less
25%
31 - 60 minutes
26% 61 - 120 minutes
17%
More than 2 hours
21%
Don't know 11%
19
About half of respondents (51%) estimate that restoring their settings would take about an hour or less.
Respondent Profile
20
41% 59%
Gender Age Group
Education Income Region
25%
50%
25%
18 to 34
35 to 54
55 +
4%
15%
77%
4%
<$25K
$25K to $50K
$50K+
Prefer not to say
7%
29%
64%
HS or less
Someuniversity
University+
24%
24%
33%
19%
Northeast
Midwest
South
West
Base: All Respondents (n=750)
Respondent Profile (Cont'd)
Base: All Respondents (n=750) Q. How many people does your company or organisation employ in total (including other offices and other countries)? Q. And which of the following best describes (or is most equivalent to) your job position within your company / organisation?
40%
60%
Between 1000 and4999 employees
5000 employees ormore
17%
50%
14%
13%
6%
C-level/SeniorManagement
MiddleManager/Intermediate
Professional/Junior…
JuniorProfessional/Executive/
Technician/Tradesperson
Other
None of the above
Company Size Employment Title