Mobile app security is on the top of everyone’s mind, but despite that, a recent survey shows that nearly half of enterprises take no steps at all to protect their mobile apps. Just as surprising, the survey found, almost a third feel no urgency to secure their mobile apps.

Those are just a few of the findings in the 2017 Study on Mobile and Internet of Things Application Security from the Ponemon Institute, IBM Security and security vendor Arxan Technologies. The study is based on a survey of 593 IT and IT security practitioners involved in the security of mobile and IoT devices. Read on for the highlights of the study.

Perhaps the most surprising finding is the disconnect between the mobile dangers facing enterprises and the sometimes cavalier attitude they take towards mobile security. The study found that 60% of companies have had a data breach caused by an insecure mobile app — but 44% are taking no steps to protect their apps. In addition, the survey found that only thirty-two percent of respondents say their companies urgently want to secure their mobile apps.

Mandeep Khera, Chief Marketing Officer of Arxan, warns, “The laissez-faire attitude toward the security of mobile and IoT applications needs to come to an end and organizations must start emphasizing security in the development process in order to prevent a detrimental attack.”

So far, though, the survey found that the laissez-faire attitude is prevalent. Only 30% of those who responded to the survey say their company has a sufficient budget to protect mobile apps and IoT devices.

What would it take to get the companies to increase their security budget for mobile apps? Fifty-four percent of respondents say a serious hacking incident would get them to do it. Forty-six percent say they would increase the budget if new security regulations were issued. And 25% say they would increase the budget if there were media coverage of a serious hacking incident that affected another company.

The survey also found that only 29% of mobile apps are tested for vulnerability at their companies, and that on average, 30% of all mobile apps tested contain vulnerabilities. That should be no surprise: 39% of respondents say that they don’t test mobile apps for security until production, and not at all during the development process. Because of security issues like these, we’ve built mobile app security directly into Alpha Anywhere.