Unclear Responsibility and Growing Risks in IoT and Mobile Application Security

IoT is exploding into the mainstream and mobile applications are increasingly pervasive in enterprises, but concerns about the security of both are growing rapidly.

The core challenge is the absence of clear responsibility for IoT and mobile security; vendors ship applications with little or no security focus, and organizations often cannot manage or even identify the apps in use.

In short, mobile and logistics security issues are likely to worsen under current conditions.

Who is responsible?

A recent Ponemon Institute study, referenced by Infosec Island, shows that confusion over who owns security during development, testing, and implementation remains a major problem for enterprises.

53% of organizations worry about breaches via mobile devices, while 58% are concerned about threats from IoT applications; 44% admit they have taken no protective measures, and 11% are unsure whether they have.

This uncertainty extends to the sheer number of applications in use: 75% of respondents lack confidence in their visibility of employee‑used apps, with 37% explicitly reporting a lack of trust.

Catch up with the market, secure IoT

More than two‑thirds (69%) say mobile app security is poor because development teams are pressured to ship quickly, and three‑quarters blame vulnerable management of these applications.

Only 5% believe the CISO should bear primary responsibility for IoT security; most point to engineering or business units instead.

Prioritizing IoT security

The two standout challenges are market fragmentation for mobile and IoT, and the pressure on developers to treat security as an afterthought; security must be integrated from the start, not added later.

The fast‑moving, competitive market excels at innovation but is gradually eroding IoT and mobile security, with risks only rising until the security community and market take decisive action.