Juniper Research published a report today that claims up to 80% of all smartphones are running without having any kind of protection against malware installed, even in spite of the growing awareness of security threats and the wide availability of mobile security software.

According to Juniper’s researchers, of the 1.4 billion smarphones in the world, only around 325 million of those devices actually have security software installed. One of the main reasons for this low level of security software adoption is that many users are still unaware of how big a threat malware really is. In addition, Juniper Research points to a general misconception that security software is expensive to install on devices. The good news is that people are slowly coming around, with Juniper predicting that about 1.3 billion mobile devices, including smartphones and tablets, will have security software installed by 2019.

All well and good, but in the meantime all of those unprotected phones are going to present some serious problems, particularly for enterprises that operate BYOD policies. A recent Harman Report shows that a whopping 89% of business users do work related tasks on their smartphones, which means that most of these will be doing so without any kind of security on their devices. Even more worrying is that Android continues to grow as the most dominant mobile platform, with thousands more devices being activated each day than other handsets – being built on an open-surce platform, Android is by far and away the most insecure mobile platform.

With smartphone usage in the enterprise only set to grow further, IT departments need to get a handle on the rising mobile threat as soon as possible. The problem is exacerbated by the rise of BYOD, which has left many unprepared IT and security departments scrambling to create effective risk management solutions. Unfortunately, this scramble to develop risk management policies for BYOD often results in the creation of ineffective guidelines, according to an Information Security Forum (ISF) report. An article in Dark Reading further elaborates on this, stating that BYOD risk management is tricky due to the “ambiguity that often surrounds the concept, especially when it comes to security.”

Mobile devices are vulnerable to a wide range of threats from malware, including exploits that target applications or the operating system, exploitation of software vulnerabilities by malware that exposes data, unauthorized connections and the compromise or irrecoverable loss of corporate data.

The challenge for IT departments will be figuring out how to ensure that BYOD devices can be kept secure whilst accessing corporate networks, without hindering those who use them. For sure, there are numerous mobile security apps available to choose from, many of which are free to download, but solutions are rarely that simple.

Instead, the mobile malware risk needs to be integrated with a broader BYOD policy that’s based on an understanding of how employees will use their devices to link to corporate networks, writes James Drakes for WTXL. In a nutshell, IT departments need to understand how these interactions take place in order to identify the true risks to their organizations. Only when those risks are known will it be possible to create an effective BYOD policy that’s compatible with the business’s needs.

BYOD is expected only to grow in the near future, and the threat of mobile malware is sure to rise alongside it. Once again, security has been outpaced by technology, and IT departments urgently need to catch up.