A new study by Spiceworks shows mobile security is a hot-button issue in IT but there’s not much being done about it.

According to the study, 98 percent of IT professionals are concerned about security risks affecting mobile devices, but less than half of them are actively working to protect these devices, either through mobile device management solutions or anti-malware software. The results of the study are particularly surprising given the rise in security breaches gaining attention during the past year.

The study, sponsored by Samsung, which surveyed 300 U.S. respondents from varying industries during September. Among the most interesting results of the survey: Budgetary constraints and a general perception of lack of internal concern are the two biggest factors holding back many IT administrators from ramping up their mobile security.

The lack of protection for mobile devices is even more alarming considering the number of devices in the enterprise workspace. According to the study, eight out of 10 IT administrators support between one to two mobile devices per employee, with 90 percent confirming employees are mostly bringing smartphones to work. An additional 77 percent reported employees using tablets, while 21 percent are using wearables—a number that has increased nearly 8 percent since May, according to the Spiceworks.

According to the study, about 55 percent of mobile devices in the workplace are company-owned, 35 percent are owned by employees and 10 percent are employee-owned but company subsidized. This number is expected to shift in the next three years, with 54 percent of respondents expecting the number of employee-owned devices to become dominant in the workplace.

So what are IT professionals doing to protect their enterprise mobile devices? Not much, according to Spiceworks. Many admins have chosen to simply limit user access to corporate data in an effort to protect sensitive information. And among those who do or plan to utilize some form of mobile security within the next year, only 49 percent will choose an MDM solution, while 41 percent are planning to adopt malware and anti-virus software specifically designed for mobile devices.

“IT professionals understand the risks associated with mobile security and are taking some steps to protect their workplaces,” said Kathryn Pribish, Voice of IT program manager at Spiceworks. “However, we’re seeing a gap in how companies are dealing with mobile security, where IT departments are either fully embracing BYOD and investing in security software and devices or they’re choosing to take a lightweight approach to adoption by limiting user access to company data. Soon, companies will have to ditch this either-or approach to adoption in order to create a workplace where mobile devices and company data can peacefully coexist.”

IT professionals need to be wary of falling victim to their own apathy when it comes to protecting enterprise mobile devices, as a general lack of concern is surely something hackers will exploit. And if these admins are indeed as worried about potential breaches as they claim to be, what will it take to get them to invest in more secure solutions for their employees? Hopefully enterprises can wise up and be more proactive without needing to wait for the next disaster to strike.