
Mobile app breaches cost firms USD $7 million despite confidence
More than 60% of organisations have experienced at least one mobile app security incident over the past year, despite high confidence in their own defences, according to a new study released by Guardsquare.
The research, conducted by the Enterprise Strategy Group and surveying over 300 global decision-makers across application development, cybersecurity and IT, reveals that while 93% of respondents believe their protections are sufficient to prevent attacks, 62% reported security incidents affecting their mobile applications within the last year. On average, organisations recorded nine incidents each during this period.
Financial implications
The financial effect of these security lapses is considerable, with the average cost of a mobile app security breach reaching USD $6.99 million in 2025. The findings highlight the need for urgent attention to the gap between perception and reality in mobile application security across industries.
"The convenience of using applications on mobile devices for everything from shopping, to paying bills, to checking personal records puts pressure on companies across industries to ensure the security of their mobile applications," said Melinda Marks, Practice Director, Cybersecurity, for Enterprise Strategy Group. "However, as they work to rapidly deliver innovative, feature-rich applications for their customers, they need an effective approach to incorporate security into development processes without compromising speed so they can deliver secure applications. They also need to ensure protection of their running mobile applications, which can be attractive targets for hackers looking for vulnerabilities to exploit to gain access to valuable company or customer data."
Impacts beyond finances
Beyond direct financial loss, organisations reported a range of other negative consequences from mobile security breaches. Over half experienced application downtime, while 48% cited leaks of sensitive data. Other notable impacts included erosion of consumer trust (41%) and a decline in user experience (38%).
Development cycle pressures
The pace of mobile application development is accelerating, with organisations releasing an average of 13 unique mobile apps in 2025, up from 10 in 2023. This push for speed is felt keenly, as indicated by 74% of organisations that reported increased pressure to accelerate development. However, 71% acknowledged that these faster release cycles have come at the expense of proper security measures.
Security strategy gaps
Notable weaknesses were identified in the security strategies deployed by organisations. Approximately 40% rely exclusively on in-house or operating system security mechanisms. Only 31% use code obfuscation to protect their applications, which leaves applications shipped without it susceptible to static code analysis, and 60% of organisations have not deployed Runtime Application Self-Protection (RASP) technologies.
Need for layered security
The study underscores the necessity of adopting a comprehensive, multi-layered strategy for mobile application security, recommending robust code hardening, proactive runtime protection, thorough testing, and continuous threat monitoring. While 63% of organisations carry out mobile application security testing and almost 60% implement threat monitoring, significant vulnerabilities remain due to insufficient coverage in other areas.
"Organisations are increasingly recognizing the necessity of a holistic, multi-layered approach to mobile app security," said Roel Caers, CEO of Guardsquare. "The fact that 46% of organizations prioritize security technologies that seamlessly integrate into developers' existing workflows signals a positive shift towards solutions that can provide robust security with efficient development practices without compromising on security or app performance."
Evolving priorities
The study identified several changes in organisational priorities. Legal consequences of mobile app breaches are on the rise, with 31% of respondents reporting that they have faced legal repercussions following a security incident. Additionally, 84% of organisations expect to increase their budget allocations for mobile app security in the future.
Integration of security directly into development processes has also become a focus, with 46% of organisations planning to embed security technologies and practices into their existing development workflows and tools.
Survey methodology
The research was conducted in January 2025 with 315 respondents, comprising decision-makers in application development, cybersecurity and IT from a range of industries and organisation sizes. Respondents were drawn from the United States, the United Kingdom, Brazil, and Singapore, with both midmarket and enterprise organisations represented.