Special Feature
Part of a ZDNet Special Feature: BYOD and the Consumerization of IT

BYOD grows, but disagreement remains over who should take the blame for security lapses

New research suggests that while employees are keen to use their own devices at work, they don't really want to take the blame if it causes a security nightmare

Many staff are keen to exploit the bring your own device (BYOD) trend, but working out who is responsible for device security remains a sticking point.

Read this

BYOD: From optional to mandatory by 2017, says Gartner

Latest research suggests half of employers will, in just four years' time, require employees to bring their own devices to work. Should BYOD be a requirement over a personal, optional decision?

Read More

According to research commissioned by BAE Systems Detica, security remains the biggest issue for BYOD adoption. More than one third (34 percent) of office workers with a personal device who responded to the survey admitted that they have failed to update their personal device's security in the last six months, while a further third of those (11 percent) have never installed or updated security for their own devices.

The problem worsens when the research shows that a third of office employees (30 percent) do believe that they should be held directly responsible for data loss or theft and close to half (44 percent) believe that both they and the company should be equally responsible.

But employees are realistic enough to believe responsibility should noe be foisted onto the company - only 13 percent think it is was solely the company’s responsibility.

Regardless of security issues, the boundaries between personal and work devices are blurring. According to the research, in a typical week almost three-quarters of office workers now use one or more personal devices, such as smartphones, to do their work. Almost half use two or more.

But the research notes that according to the Information Commissioner's Office's (ICO) guidance companies are accountable for the loss of data by their employees, "irrespective of whether it was on a personal or work device".

This means that, "while the boundaries between personal and work devices may be blurring, the responsibility for a security breaches is crystal clear", the research spelt out.

Half of the employees surveyed said they did not believe that insecure personal devices made their employer vulnerable to a cyber attack, even though nearly one in five admitted "a compromise" to their personal device in the past six months is worrying (although the research does not make clear what damage, if any, was done).

BAE Systems Detica commissioned YouGov to conduct online research among 4,283 adults.