Because individual mobile devices are often expensive, the focus for individuals is frequently on physical security. While this is understandable, it's utterly meaningless from a business perspective.
Data picture from Shutterstock
Replacing a physical item of hardware isn't necessarily cheap -- the list price for a top-end modern smartphone often tops $1000 at launch (though it will generally sell for half that price within a year of release), and high-end laptops can be three times that cost. Regardless, it's an entirely predictable and fixed cost with a clear-cut process. If you need to replace a device, you can always replace a device.
This is an extract from Lifehacker's ebook Making Mobility Real: How To Choose The Right Tech For Your Business. You can download the entire ebook for free here.
The same is not true of the information which is stored on and accessible from that mobile device. This is a multi-pronged issue. Firstly, if you don't have well-automated backup processes that ensure that data is transferred from the device on a regular basis, then untold hours of work committed to finalising documents can be lost.
While many modern smartphones rely on storing data in the cloud, which mitigates that risk to some extent, the same isn't always true of laptops. It's also more likely that people will do extensive bouts of work on their laptop, work which can be costly and difficult to replace if anything happens to the device. A core element of security policy should be ensuring that work never exists solely on one local hard drive.
Even presuming you have those policies in place, a liberated laptop or stolen smartphone also presents another kind of security risk: the access it offers to your business data. Again, this is a multi-fold issue. Firstly, the information stored locally on the device could be vulnerable; secondly, the ability to log into online resources could put a broader swathe of data at risk. That data could cause both reputational damage to the business and expose future plans to other rivals. Password protection and encryption should drastically reduce those risks, but only form part of the overall planning needed.
The bottom line? When developing corporate security policy, ensuring data is protected should always be your primary goal. Physical protection of devices forms part of that approach, but it should not be the main focus.