Post on 07-Nov-2014
description
2013 UK Mobile Enterprise Risk Survey Summary Report
November 2013
Objectives & Methodology
Objective • Explore and understand attitudes toward data security, privacy and
responsibility as it relates to employer-owned mobile phones.
Methodology • From November 15 to 29, 2013, an online survey was conducted
among 750 UK adults age 18+ who have a mobile phone for work purposes, and work for a company with 1000 employees or more. Any discrepancy in or between totals is due to rounding.
• Note that bases of less than 100 are used with caution, and bases of less than 30 are not reported on.
2
2013 UK Mobile Enterprise Risk Survey Summary Report
October December
Work Phone Data
Work Phone Ownership
Base: Respondents that use the same phone for work or personal use (n=701) Q5b. Is your work mobile phone the same as your personal mobile phone? Base: All Respondents (n=755) Q5c. Who owns your work mobile phone?
Yes 29%
No 71%
My employer owns it
4
Use of Work Phone for Personal Use
Phone Ownership
Nearly three-quarters (71%) of respondents report that their work phone is separate from their personal use. Nearly the same (74%) report that their employer owns their phone.
I own it 26%
Amount of Personal Private Data on Work Phone
Base: All Respondents (n=755) Q18. How much of what's on your work mobile phone would you consider 'private' (for your eyes only)?
45%
25%
11%
6%
13%
Nothing is private
Just a couple things
About half
More than half
Everything on my mobilephone is private
5
About half (55%) of respondents feel that at least some of their data on their work phone is for their eyes only.
Replaceable Data on Your Work Phone
Base: All Respondents (n=755) Q19. How much of what's on your work mobile phone would you say can be replaced?
7%
8%
12%
30%
43%
I cannot replace anythingon my mobile phone
I cannot replace most ofwhat's on my mobile phone
I can replace about half ofwhat's on my mobile phone
I can replace most ofwhat's on my mobile phone
I can replace everything onmy mobile phone
6
Nearly three-quarters (73%) feel that all or most of what is on their phone is replaceable. Only 7% feel that all of their data is not replaceable.
Importance of Information on Your Work Phone
Base: All Respondents (n=755) Q12. Thinking about the following types of information on your work mobile phone, which one would you want to protect the most?
7
Work contacts and work email are ranked as most important, with personal contacts also emerging as top of mind as well.
24%
13%
18%
13%
9%
4%
5%
6%
3%
4%
3%
17%
16%
14%
10%
10%
8%
9%
7%
5%
3%
2%
13%
16%
9%
9%
13%
12%
8%
5%
9%
4%
3%
54%
45%
41%
32%
31%
23%
22%
18%
16%
11%
7%
Work contacts
Work email
Personal contacts
Login details for corporate …
Work files
Work applications / portals
Personal email
Photos
Notes
Social media account data
Music Ranked 1st Ranked 2nd Ranked 3rd
Worth of Data on Your Work/Personal Phones
Base: All Respondents (n=755) Q16. What do you think the corporate data on your work mobile phone is worth? Q17. What do you think the personal data on your work mobile phone is worth?
71%
9%
5%
15%
£0 to under £300
£300 to under £600
£600 to under£1800
£1800+
Corporate Data
77%
7%
4%
3%
9%
£0 to under £300
£300 to under £600
£600 to under£1800
£1800+
Priceless
Personal Data
8
Nearly three-quarters of respondents place a fairly low value on their phone’s data, with 71% rating corporate data and 77% rating personal data as worth less than ₤300.
2013 UK Mobile Enterprise Risk Survey Summary Report
October December
Work Phone Security
Security Culture of Workplace
10
Nearly all (97%) respondents characterize their workplace as at least moderately secure, with over two-thirds (68%) saying they consider their security strict.
Base: All Respondents (n=755) Q13. How would you describe the security culture of your workplace?
3%
30%
68%
Lax:We don't have any formal policies
and don't worry about it.
Moderate:We have policies but not everyone
knows or is forced to follow them
Strict:We have clear policies that are
enforced
Formal Company Procedure for Lost Work Phones
Base: All Respondents (n=755) Q9. Does your company have a formal procedure for when a device is lost?
41%
23%
9%
7%
21%
Yes, and it is communicated to allemployees
Yes, but it is not clearlycommunicated to all employees
No, we don't have a formal policyand are not looking to introduce one
No, we don't have a formal policy,but they are looking to introduce one
I don't know
11
Only four in ten (41%) of respondents feel their company has a clear policy for work phone loss. The remaining 59% either do not know what their company procedure is for lost phones, feel it is not clear or report that their company lacks such a policy.
Penalty for Employer Leaking Your Personal Data
Base: All Respondents (n=755) Q14. From the following list, what penalty do you feel is appropriate if your employer leaks your personal data?
4%
19%
69%
8%
Nothing, I don't care if myemployer shares my data
freely
They should be fined butthere should be no legal
action
They should be fined andface legal charges
They should be preventedfrom continuing business
12
The overwhelming majority (96%) state that their employer should face penalties for losing an employee’s personal data. Three-quarters (77%) feel these penalties should be stringent, including legal action.
Appropriate Penalty for You Losing Company Data
Base: All Respondents (n=755) Q15. Of the following, what penalty do you feel is appropriate if you personally lose/leak company data?
40%
23%
23%
8%
6%
My access to restricted data should berevoked or restricted and monitored
Nothing, data security isn't myresponsibility
I should be punished by my employer(demotion, reassignment, docked pay)
I should be fired
I should pay fines from my employer orlevied against my employer
13
While three-quarters (77%) of respondents agree that there should be some ramification to losing company data, most of these (40%) feel that restricting or monitoring access is the best solution. About one-quarter (23%) feel that data security is not their responsibility.
2013 UK Mobile Enterprise Risk Survey Summary Report
October December
Losing a Work Phone
Lost/Stolen Work Phones
Base: All Respondents (n=755) Q6. How many work mobile phones have you lost or had stolen? Base: Have lost or had a work phone stolen (n=115) Q7. How long did it take you to realize you lost your work mobile phone?|
85%
14%
1%
0%
0
1-2
3-4
5+
Number Lost
31%
48%
10%
8%
3%
Immediately
Within 4 hours
Between 4-8 hours
Longer than 8 hours
Can't remember
When Realized Lost
15
The majority (85%) report that they have never lost a work phone. Of those that have, 79% noticed the loss within 4 hours.
Actions After Losing a Work Phone
Base: Not had work mobile phone lost or stolen (n=640) Q8. Of the following, which action are you most likely to take first when a work mobile phone is stolen or lost? Base: Have lost or had a work phone stolen (n=115) Q8b. Of the following, which action did you take first when your work mobile phone was stolen or lost?
47%
22%
10%
6%
5%
4%
5%
Contact IT
Contact service provider
Get a new device
Utilize my tracking service tolocate my device
Change personal accountpasswords
Change work accountpasswords
None of these
Action Most Likely to Take if Lost/Stolen
37%
28%
13%
7%
6%
4%
5%
Contact IT
Contact service provider
Get a new device
Utilize my tracking service tolocate my device
Change work accountpasswords
Change personal accountpasswords
None of these
Action Taken When Lost/Stolen
16
Of those that have not lost a phone, the primary anticipated actions would be to contact IT (47%) or the service provider (22%). For those that have, the story is similar, with a third (37%) saying they contacted IT, and just over one-quarter (28%) reporting the loss to the service provider.
Changed Security Habits
Base: All Respondents (n=755) Q10. Have you changed your security habits (i.e., updating passwords frequently) after going through a device loss, theft or hearing about one?
Yes 33%
No 67%
17
Two thirds (67%) of respondents indicate that they have not changed their security habits.
Penalty When Losing a Work Phone
Base: Not had work mobile phone lost or stolen (n=640) Q11. Of the following, what do you think the penalty would be to you individually if your work mobile phone was lost or stolen? Base: Have lost or had a work phone stolen (n=115) Q11b. Of the following, what was the penalty when your work mobile phone was lost or stolen?
39%
12%
10%
6%
6%
30%
8%
I would get a talking-to, butnothing else
Workplace sanctions
I would have to replace the device
My job would be at risk
I'd be at risk of a financial fine
Nothing
None of these
Penalty if Lost/Stolen
20%
18%
9%
7%
4%
48%
9%
I got a talking-to, but nothing else
I had to replace the device
I had to pay a financial fine
Workplace sanctions
My job was at risk
Nothing
None of these
Penalty When Lost/Stolen
18
Over two-thirds (69%) of those who have not lost a phone would anticipate that they receive little to no penalty as a result. The story is similar amongst those who have experienced a loss, with 68% reporting either no penalty or a lecture only.
Amount of Time to Restore Settings on Your Mobile Phone
Base: All Respondents (n=755) Q20. How long do you estimate it would take to restore all the settings, apps, and content on a new work or personal mobile phone if your device was lost or stolen?
30 minutes or less
35%
31 - 60 minutes
25%
61 - 120 minutes
12%
More than 2 hours
14%
Don't know 14%
19
Nearly two-thirds (60%) estimate that restoring their phone would take an hour or less.
Respondent Profile
41% 59%
Gender
20
Age Group
22%
58%
21%
18 to 34
35 to 54
55 +
Income
7%
31%
53%
47%
15%
Less than £20K
£20K to £39,999 £40K to £59,999
£60K+
No answer
Education
1%
2%
2%
2%
1%
8%
11%
1%
1%
1%
6%
14%
12%
11%
28%
Recognized trade apprenticeship …
City and Guild certificate
City and Guild certificate - advanced
ONC
CSE grades 2 to 5
CSC grade 1, GCE O level, GCSE, School … GCE A level or Higher
Certificate Scottish Higher
Certificate
Nursing qualification
Teaching qualification
University diploma
University or CNAA first degree
University CNAA higher degree
Other technical, professional or higher …
Don't know/no answer
Region
12%
7%
7%
6%
2%
South (East & West)
North (East & West)
Midlands (East & West)
Scotland
Wales
Base: All Respondents (n=755)
Respondent Profile (Cont'd)
Base: All Respondents (n=755) Q. How many people does your company or organisation employ in total (including other offices and other countries)? Q. And which of the following best describes (or is most equivalent to) your job position within your company / organisation?
36%
64%
Between 1000 and4999 employees
5000 employeesor more
9%
56%
20%
13%
2%
C-level/SeniorManagement
MiddleManager/Intermediate
Professional/Junior…
JuniorProfessional/Executive/
Technician/Tradesperson
Other
None of the above
Company Size Employment Title