Mobile security is an increasingly important frontier in the war between hackers and cyber defenders. The past year alone has been a steady stream of Apple iOS hacks, Google (GOOG) Android snafus, and other problems for mobile phones and tablets.
Are businesses paying enough attention to that risk?
Fortune checked in with Kevin Mahaffey, co-founder and chief technology officer at mobile security firm Lookout, about the state of mobile security. His company recently released a survey examining the issue.
Mahaffey’s company, based in San Francisco, develops apps that detect and defend against electronic attacks. It was founded in 2007, the same year Apple (AAPL) unveiled the iPhone.
In June, Lookout entered the enterprise market where it competes with companies like Check Point (CHKP). Lookout has 75 million users worldwide, about half of whom are in the United States.
“We were a company started by nerds and engineers—we like using data to understand things,” says Mahaffey of Lookout’s recent research report.
The most surprising finding in the report, he says, is the percentage of data breaches attributable to mobile devices. Nearly three-quarters of the 100 IT and security leads surveyed (about half of whom are chief information security officers) reported that their organizations have “experienced a data breach as a result of a mobile security issue.”
Common reasons for mobile data breaches? Malware-laden apps, security holes, and unsecured Wi-Fi connections, according to the study.
As businesses continue to let employees use their personal devices for work, smartphone security is likely to rank higher and higher on the IT priority list. That much the report makes clear. “Mobile devices are not just being used to post to Twitter and read email anymore,” Mahaffey says. “Everything I can do on my laptop, I can do on my mobile device.”
As many as 82% of respondents said that employees in their organizations have access to “the majority of their corporate data” through mobile devices. That reality—intended to lift worker productivity—means that hackers have more ways to gain access to corporate networks. And the IT leads recognize that threat: Nine out of 10 respondents said they plan to invest more in mobility security over the next year. (No doubt good news for Lookout.)
Despite the survey’s findings, the tone of Lookout’s report conflicts with that of another highly cited data breach study: Verizon’s 2015 data breach investigations report. That study downplays the threat posed by handsets.
In Verizon’s (VZA) view, mobile security is not yet a big issue. “This report is filled with thousands of stories of data loss—as it has been for years—and rarely do those stories include a smartphone,” the Verizon report’s authors write. But they concede that those circumstances will likely eventually change.
Why the disparity, then, between Verizon’s findings and Lookout’s?
Mahaffey says that the different findings might be due to their surveys’ differing methodologies. Verizon’s data is mostly based on its computer forensics team and the breach-related messes at other companies that it’s called in to fix. Meanwhile, Lookout’s report is based on asking IT pros to self-report incidents that their organizations most likely handled internally.
Not all data breaches are created equal, of course. So, perhaps these intrusions in the Lookout report were not as severe.
In any case, it’s always a good idea to take reports by companies with a self-interest in the matter with a grain of salt. Security firms sometimes inflate the risk of attacks to drum up business. Meanwhile, wireless carriers may have an incentive to downplay the risk so as to avoid scaring customers.
As for Mahaffey, he’s undaunted by Verizon’s findings about the relative safety of mobile devices.
“The bad guys, whenever they see gold, they go after it,” he says.
Subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.
For more on mobile security, watch the video below.
[fortune-brightcove videoid=4403273310001]
