Organisations rethink mobile app security amid rising breaches

Research from Enterprise Strategy Group has revealed that organisations are reassessing their approach to mobile application security amid findings that a significant number have suffered breaches despite high confidence in their protections.

Analysis conducted for the report highlighted that 62% of organisations experienced mobile app breaches in the past year, with the average number of incidents per organisation reaching nine. The results contrast sharply with the 93% of respondents who stated that they believe their mobile app security is sufficient.

Speed pressures

The study pinpointed the fast pace of development cycles as a major risk factor. Over seven in ten organisations acknowledged that the drive to accelerate release schedules has led to compromises in mobile app security.

"The data is clear, and the perceived trade-off between speed and security is a false choice that is costing organizations," said Roel Caers, CEO of Guardsquare. "When developers are under immense pressure to release new features, and security is seen as a roadblock, they are forced to sacrifice protection for time-to-market. This reactive, fire-fighting approach is unsustainable. What's needed is a proactive, integrated strategy where security is an enabler, not a hindrance."

Low adoption of security practices

The report identified deficiencies in the implementation of standard mobile security measures. Approximately 70% of respondents reported not employing code obfuscation in their mobile apps, and 60% stated they lack Runtime Application Self-Protection, commonly referred to as RASP. These omissions leave applications susceptible to both static and dynamic code analysis by malicious actors.

A further finding dispelled any notion that iOS applications are inherently secure: over 70% of surveyed organisations judged iOS apps to pose at least a moderate security risk, countering widespread industry beliefs.

Impact of breaches

The ramifications of mobile application breaches extended beyond financial losses, with more than half of respondents indicating they had suffered application downtime due to security incidents. Forty-eight percent reported that data leakage had occurred, and 41% cited a loss of consumer trust as a direct outcome of security breaches.

These impacts underline what Enterprise Strategy Group's research described as a shifting landscape in organisational priorities, where confidence in security controls is no longer enough to ensure protection against an evolving threat environment.

"As organizations face pressure to develop feature-rich applications that can be easily used from any device, attackers often target vulnerabilities in mobile applications," said Melinda Marks, Practise Director, Cybersecurity, for Enterprise Strategy Group. "To stay ahead of threats and attacks, security teams need to take a proactive approach to mobile application security with the right tools and processes incorporated into development workflows to help developers optimize efficiency and security as they release robust applications."

Move to proactive approaches

The research found that organisations are increasingly aware that reliance on reactive security - addressing incidents after they occur - is insufficient. As the perceived trade-off between operational speed and robust security comes into question, many are seeking to embed protective measures throughout the development cycle rather than as an afterthought.

These findings indicate a broad recognition within the sector that strengthening mobile application security requires ongoing evaluation of risks and a willingness to adopt proactive and integrated strategies across enterprise development teams.