Despite widespread concern about the security of mobile and Internet of Things (IoT) applications, organizations are ill-prepared for the risks they pose, according to a research report issued today from Ponemon Institute, IBM Security, and Arxan Technologies. “Mobile and IoT applications continue to be released at a rapid pace to meet user demand. If security isn’t designed into these apps there could be significant negative impacts,” says Diana Kelley, Global Executive Security Advisor, IBM Security. Some of the key findings from the report below:

— Many organizations are worried about an attack against mobile and IoT apps that are used in the workplace. Organizations are having a more difficult time securing IoT apps. Respondents are slightly more concerned about getting hacked through an IoT app (fifty-eight percent) than a mobile app (fifty-three percent). However, despite their concern, organizations are not mobilizing against this threat.

— Material data breach or cyber attacks have occurred and are reasons for concern. Sixty percent of respondents know with certainty (eleven percent), most likely (fifteen percent) or likely (thirty-four percent) that their organization had a security incident because of an insecure mobile app. Respondents are less certain whether their organization has experienced a material data breach or cyber attack due to an insecure IoT app.

— The risk of unsecured IoT apps is growing. Respondents report IoT apps are harder to secure (eighty-four percent) versus mobile apps (sixty-nine percent). Additionally, fifty-five percent of respondents say there is a lack of quality assurance and testing procedures for IoT apps.

— Despite the risk, there is a lack urgency to address the threat. Only thirty-two percent of respondents say their organization urgently wants to secure mobile apps and forty-two percent of respondents say it is urgent to secure IoT apps.

— Not enough resources are being allocated…yet. Only thirty percent of respondents say their organization allocates sufficient budget to protect mobile apps and IoT devices. If they had a serious hacking incident, their organizations would consider increasing the budget (fifty-four percent of respondents). Other reasons to increase the budget are if new regulations were issued (forty-six percent of respondents) or media coverage of a serious hacking incident affecting another company occurred (twenty-five percent of respondents).