More than half the organizationsresponding to a new survey said they have no response ready for ahack into data on notebooks, tablets and smartphones their staff isusing as “bring your own devices.”

(Click on the chart at right toexpand.)

The survey–conducted by Information Technology IntelligenceConsulting and security trainer KnowB4.com– also found that half ofthe respondents concede that BYOD and corporate-owned devices may have beenbreached in the past 12 months without their knowledge, leavingdata and applications alike vulnerable to internal and externalthreats.

ITIC and KnowBe4 said they drew their conclusions from aFebruary survey conducted online among IT professionals at morethan 300 organizations in 30 vertical market segments including 80%from North America and ranging in size from fewer than 200employees to more than 10,000.

Along with no knowing they had been breached or having a planfor dealing with problems from personal devices, ITIC and KnowBe4said, “56% of organizations acknowledge they are not fortifyingtheir existing security measures, taking extra precautions orimplementing security training despite recent high-profile securityattacks against Fortune 1000 firms like Adobe, Reuters, Target,Skype, Snapchat and others.”

Other survey highlights:

• 34% of the participants acknowledged they either “have no wayof knowing” or “do not require” end users to inform them ofsecurity issues with employee-owned BYOD.
• Three in 10 respondents were unaware or unable to discernwhether BYOD security breaches impacted servers, mission criticalapps or network operations.
• 32% said they either have no BYOD-specific security in place ordon't know.

Recommendations from the report–titled “2014 State of CorporateServer, Desktop and BYOD Security Trends Survey”“–include:

• Conduct regular security audits and vulnerabilitytesting. Include server hardware, server OS, applicationand network infrastructure to identify vulnerabilities and comparesecurity across platforms.
• Regularly review and update policies andprocedures. Corporations should review and update theirsecurity policies annually at a minimum or as needed to addressemerging technologies and trends like BYOD and mobility.
• Perform due diligence. Become familiar withall specifics of the platform before beginning any new technologydeployment (such as server hardware, application software,virtualization and cloud deployments.)
• Ensure compliance. The ability to adhere tocompliance standards and meet service-level agreements hinges onserver security, reliability and uptime.
• Estimate the cost of downtime. “Being able toaffix a monetary cost to a security breach and assess the potentialrisk and damages that ensue in the wake of a security breach, willmake the most cogent and compelling case for strong securitymechanisms and security awareness training,” ITIC and KnowBe4said.