According to research from XcelleNet, 77 per cent of UK companies allow corporate information to reside on employees' personal devices.
A higher number (82 per cent) of organisations have no way to wipe data from lost or stolen mobile devices.
"People still have no concept of swiping information off lost or stolen devices," said Mike Oliver, European field marketing manager for XcelleNet. "There's no policy in place. It's a year down the line until they realise how much work they have to do."
The survey found 25 per cent of devices are unprotected by password or encryption.
The research was carried out on more than 70 organisations including 02, British Airways, The Royal Bank of Scotland and several police forces.
"I think mobile computing is becoming an acceptable way of work, but some of the more detailed aspects haven't been evaluated," said Oliver. "People are suddenly starting to realise that you can't rely on the user for security."