BlackBerry Study Reveals Enterprises Are Aware of Risks and Threats in Mobile Deployments

November 13, 2014

- Survey reveals only 35% of respondents are confident data protected from mobile threat

- Two-thirds say mobile is the weakest link in data security

- Widespread fear of reputational, financial damage

WATERLOO, ONTARIO--(Nov. 13, 2014) - A global study released today revealed a significant gap between what enterprises understand is putting them at risk with their mobile deployment and how actively they are taking steps to combat those risks, according to BlackBerry Limited (NASDAQ:BBRY)(TSX:BB), a global leader in mobile communications.

The gap in understanding how inadequately managed mobile devices in the workplace can contribute risk - yet not taking action to mitigate that risk is evident, as 66 percent of those surveyed acknowledge they find it difficult to keep up with current and emerging mobile threats, while 70 percent of the same respondents say they know they are more tolerant of risk than they should be with their enterprise mobility. This increases to 76 percent in BYOD environments.

For organizations with governance, risk and compliance (GRC) demands, this gap leaves them vulnerable to attacks or industry regulation breaches that put them at financial and reputational risk. The survey found that only 35 percent of executives, risk compliance officers and IT managers within large organizations are very confident that their organization's data assets are fully protected from unauthorized access via mobile devices. In fact, more than two-thirds believe that mobile devices are the weakest link in their enterprise security framework.

Respondents indicated that they have been too lax in assessing and guarding against risks such as lost or stolen devices, unapproved apps and cloud services, as well as inadequate separation of work and personal use of devices. Consequences in mishandling these issues could lead to immeasurable reputational damage, significant financial penalties and loss of revenue through the loss of trade secrets, or misappropriated customer data. These threats are so critical that 75 percent of those surveyed believe that their organization's GRC groups should be more involved in developing enterprise mobility strategy.

"Deloitte's clients face a wide range of complex issues when assessing the adoption of new technology. From Deloitte's own research, we know that Digital Risk and in particular mobile technologies are of growing concern," said Kieran Norton, Principal, Security & Privacy, Deloitte & Touche LLP. "As the technical capabilities of connected devices increase exponentially, so do the threats to devices, data and infrastructure as well as wider risks around issues such as regulatory compliance and operational support. While clients recognize the potential upside of mobile driven innovation, at this time we still see many companies grappling with the implications of mobile technologies and finding the 'sweet spot' where new business opportunities are exploited while managing risk and balancing the tradeoff between control and user experience."

"It's startlingly clear that mobile technology has transformed daily business faster than most businesses have been able to adapt," said John Sims, President of Global Enterprise Services, BlackBerry. "Leaders at all levels of organizations around the world are realizing the very real gaps that exist in their technology infrastructure - and the potentially devastating consequences of a breach. As workforces become ever more mobile, BlackBerry leads the industry in developing solutions that provide flexibility without sacrificing security."

The findings raise serious concerns about the risk exposure faced by enterprises at a time when mobile challenges are growing. Nearly two-thirds of respondents reported the number of data breaches their organization has experienced via mobile devices has increased in the last year, and 66 percent said that it is difficult for their organizations to keep up with emerging mobile trends and security threats.

Additional mobile security trends emerging from survey respondents and their organizations included:

  • Increasing need for Enterprise Mobility Management (EMM). Seventy-six percent of study participants said the risk of legal liability and costly lawsuits will increase without concerted efforts to adopt comprehensive enterprise mobility management strategies.
    • 61 percent say their organization miscalculates or underestimates risk by focusing on the device rather than the entire mobility landscape.
    • The head of internal audit at a professional services company interviewed for the study said: "Attitudes are changing with regard to work and where you do it. The danger is that as the behavior changes and we use more mobile technologies, the controls do not keep up."

  • Reconsideration of bring-your-own-device (BYOD) policies. Fifty-seven percent said that they would consider curtailing policies that allow employees to use their personal mobile devices at work (BYOD) in favor of more secure end-to-end solutions such as corporate owned, personally enabled (COPE).
    • 77 percent reported that it is increasingly difficult to balance the needs of the business and those of the end user when it comes to mobility.
    • A vice president of technology at a financial services firm said: "As soon as someone is on the news there will be a backlash."

  • Mobility partners must provide secure, future-ready solutions. Sixty-nine percent said their methods for choosing mobility vendors need to be updated to reflect the current risk and mobility landscape.
    • 73 percent said they want providers to have security credentials and certifications when determining how best to implement EMM solutions.
    • 58 percent want their partners to have a clear mobility roadmap and solutions that adapt to changing technologies.

To learn more about the survey in an accompanying infographic and to download the complete report, "Moving Targets in Risk" visit: www.blackberry.com/risktolerance.

Infographic: www.blackberry.com/select/riskinfographic/

About the Global Survey

The study by Loudhouse Research was commissioned by BlackBerry and conducted in July and August 2014. The survey included 780 individuals in six countries with ultimate governance, risk, compliance (GRC) responsibility in organizations with 1,000 or more employees (500-plus in Australia). Participants represented a cross-section of companies and sectors deploying a variety of mobile operating systems and management protocols.

About BlackBerry

A global leader in mobile communications, BlackBerry® revolutionized the mobile industry when it was introduced in 1999. Today, BlackBerry aims to inspire the success of our millions of customers around the world by continuously pushing the boundaries of mobile experiences. Founded in 1984 and based in Waterloo, Ontario, BlackBerry operates offices in North America, Europe, Asia Pacific and Latin America. The Company trades under the ticker symbols "BB" on the Toronto Stock Exchange and "BBRY" on the NASDAQ. For more information, visit www.blackberry.com.

Forward-looking statements in this news release are made pursuant to the "safe harbor" provisions of the U.S. Private Securities Litigation Reform Act of 1995 and applicable Canadian securities laws. When used herein, words such as "expect", "anticipate", "estimate", "may", "will", "should", "intend", "believe", and similar expressions, are intended to identify forward-looking statements. Forward-looking statements are based on estimates and assumptions made by BlackBerry Limited in light of its experience and its perception of historical trends, current conditions and expected future developments, as well as other factors that BlackBerry believes are appropriate in the circumstances. Many factors could cause BlackBerry's actual results, performance or achievements to differ materially from those expressed or implied by the forward-looking statements, including those described in the "Risk Factors" section of BlackBerry's Annual Information Form, which is included in its Annual Report on Form 40-F (copies of which filings may be obtained at www.sedar.com or www.sec.gov). These factors should be considered carefully, and readers should not place undue reliance on BlackBerry's forward-looking statements. BlackBerry has no intention and undertakes no obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.

BlackBerry and related trademarks, names and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world. All other marks are the property of their respective owners. BlackBerry is not responsible for any third-party products or services.

Media Contact:
BlackBerry Media Relations
(519) 888-7465 x77273
mediarelations@BlackBerry.com

Investor Contact:
BlackBerry Investor Relations
(519) 888-7465
investor_relations@BlackBerry.com