Organizations Know Mobile App Security Matters, But Lag on Implementation

A recent global survey conducted by independent market research firm Vanson Bourne in partnership with Guardsquare found that organizations rank security as the most impactful element of mobile app development — even ahead of app performance. However, organizations’ reported investments in app security do not align with this prioritization. 

For example, 81% of respondents agreed that iOS standard security isn’t enough, and 84% said the same about Android. Yet 96% of respondents still report that they’re relying to some extent, if not completely, on these app store default protections for security. 

This is just one example of where even organizations who understand the value of security are falling short on delivering secure mobile apps. Let’s take a deeper look at the findings. 

Who Vanson Bourne Surveyed

500 respondents across the Americas, Europe, Middle East and Asia-Pacific took part in the survey. As mobile apps are now a keystone strategy for companies of all sizes and sectors, Vanson Bourne surveyed the full gamut. Organizations ranging from 200-2,500+ employees participated, with job titles such as information technology, software engineering and development among the respondents.

Organizations Know Security is Key, but Aren’t Acting on this Reality

Why aren’t organizations taking their own advice when it comes to mobile app security? Survey respondents report that security is top of mind, but their actions tell a different story.

One potential factor in this misalignment is the desire to build custom solutions rather than buy established services. A large portion of respondents, up to 54% in the Americas, report developing their security solutions in-house. However, the choice to “build” can result in security deficiencies. This may be because app security needs to shift frequently and deep expertise in mobile app security is increasingly difficult to establish in-house. In-house security solutions are more difficult to maintain, less likely to offer sufficient security, and require significant resources to stay ahead of the changing landscape. Plus, they often make the development process more complex, resulting in friction between developers and security teams.

Additionally, while organizations state that they are spending significant time on security, they aren’t reaping the benefits of doing so. An average of 41% of the time spent building mobile apps reportedly goes toward security. Apps take an average of six months to complete, so this means more than two months are being spent on security. Yet the vast majority of respondents admit their apps could be better protected from mobile attacks.

This may be because security is stuck in a single lane. Teams prioritize security most during the development stage, but incorporating it throughout the software development lifecycle is the proven best practice. 

What’s at Stake When Mobile App Security is Overlooked?

Respondents in this survey reported an average of eight security incidents over the past 12 months. When you consider what’s at stake with each incident, from financial losses to reputational damage, that’s a shocking number.

The most common categories of mobile app security incidents included:

1. Malware insertion (38%)
2. Piracy (32%)
3. Security circumvention (27%)
4. IP Theft (27%)
5. Code modification (26%)
6. Advertisement hijacking (25%)
7. App behavior alteration (25%)

A range of factors played into these incidents taking place. Remote working has been a challenge to 76% of respondents when it comes to maintaining security. Tight deadlines and a lack of internal alignment were also common issues. 

Respondents indicate that they’re keenly aware of the risks their organizations face without a proactive security solution in place. Improvement is a matter of marshalling resources and focusing on the right areas.

It’s Time to Prioritize Mobile App Security

This survey revealed a gap between best practices and reality when it comes to mobile app security. When in-house teams are stretched too thin, or working outside of their expertise, security is often compromised. Beyond the financial and regulatory risks involved, mobile apps are increasingly popular, with marked growth during the pandemic. Mobile apps are often a user or customer’s primary experience of a brand, which puts direct revenue as well as brand reputation and user trust on the line when security issues come to light.

The good news is that organizations seem to be aware that their security procedures are lacking. Among survey respondents who had not yet invested in a mobile app security solution, 86% plan to in the future.

The pressures of regulatory requirements and competition can add up, on top of prioritizing customers’ in-app user experience. Building mobile apps that are secure by design will go a long way toward reducing the number of incidents, costs of remediation, and overall risk.