BYOD grows, but disagreement remains over who should take the blame for security lapses

BYOD grows, but disagreement remains over who should take the blame for security lapses

Summary: New research suggests that while employees are keen to use their own devices at work, they don't really want to take the blame if it causes a security nightmare


Many staff are keen to exploit the bring your own device (BYOD) trend, but working out who is responsible for device security remains a sticking point.

According to research commissioned by BAE Systems Detica, security remains the biggest issue for BYOD adoption. More than one third (34 percent) of office workers with a personal device who responded to the survey admitted that they have failed to update their personal device's security in the last six months, while a further third of those (11 percent) have never installed or updated security for their own devices.

The problem worsens when the research shows that a third of office employees (30 percent) do believe that they should be held directly responsible for data loss or theft and close to half (44 percent) believe that both they and the company should be equally responsible.

But employees are realistic enough to believe responsibility should noe be foisted onto the company - only 13 percent think it is was solely the company’s responsibility.

Regardless of security issues, the boundaries between personal and work devices are blurring. According to the research, in a typical week almost three-quarters of office workers now use one or more personal devices, such as smartphones, to do their work. Almost half use two or more.

But the research notes that according to the Information Commissioner's Office's (ICO) guidance companies are accountable for the loss of data by their employees, "irrespective of whether it was on a personal or work device".

This means that, "while the boundaries between personal and work devices may be blurring, the responsibility for a security breaches is crystal clear", the research spelt out.

Half of the employees surveyed said they did not believe that insecure personal devices made their employer vulnerable to a cyber attack, even though nearly one in five admitted "a compromise" to their personal device in the past six months is worrying (although the research does not make clear what damage, if any, was done).

BAE Systems Detica commissioned YouGov to conduct online research among 4,283 adults.

Topic: BYOD and the Consumerization of IT


Colin Barker is based in London and is Senior Reporter for ZDNet. He has been writing about the IT business for some 30-plus years. He still enjoys it.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • BYOD Insecurity

    Data security is compromised when the company does not control the device. Most users are not security aware and often not saavy enough to keep their devices updated. If the company owns the device then the responsibility is clearly delineated.

    A related issue is when someone leaves with a BYOD how does the company ensure no confidential information leaves?
  • If companies are dumb enough to allow workers to use un-secured devices...

    They responsibility falls SQUARELY on their shoulders.