As the Bring Your Own Device (BYOD) movement gains traction among companies looking to incorporate mobile technology into their systems, a study finds that 71% of businesses that do enable employees to use their own mobile devices do not have policies and procedures for BYOD deployment and security.

The study, conducted by security awareness training firm KnowBe4 and research and consulting firm ITIC, polled 500 companies around the world in July and August. It found that while almost two-thirds of businesses permit BYOD for company network access, only 13% have set policies for dealing with BYOD deployment. Another nine percent are currently developing policies.

The BYOD movement, while helping companies cut technology costs and allow for employee mobility, does leave organizations vulnerable to security breaches. Without policies and security awareness training in place, the study says companies are putting their data and information at risk.