Mobile app security
A full 82% said increased use of mobile apps represents at least a significant increase in security risk.
More than three-quarters (77%) cited the need to rush apps to market, followed by a lack of understanding of best practices (73%), lack of quality assurance practices (68%) and lack of internal security policies (64%).
65% said mobile app security is sometimes put at risk due to customer demand or need. Cross-site scripting (XSS) is deemed to be a major threat; 54% said XSS through mobile apps will increase in the next 12 months.
61% said their organizations will need to address the growing risk of malware-infected mobile apps. Only 29% said their organization has ample resources to do so.
A full 77% said securing mobile apps is hard, versus only 7% who said it was easy. Only 41% of respondents said their organizations have sufficient mobile app security expertise, and only 14% rate their effectiveness as high.
About a third (33%) admitted their organizations do not scan for vulnerabilities. Yet, 61% said data leakage is a real problem.
Fewer than half said they test apps. Of the 46% that do test, 30% report discovering flaws.
Only 11% of internally developed apps are tested every time code changes, versus 23% for purchased or outsourced apps.
Nearly four in 10 (39%) said employees can use mobile apps on corporate devices, while 55% said they can use them on their own devices. Just over half (55%) report their organization does not have a mobile app use policy.
An average of $34 million is spent annually on mobile app development, but only 5.5%, or $2 million, is allocated to mobile app security. Nevertheless, 60% said mobile app security is a high priority.