Companies are realizing that BYOD may have seemed like a gain because it was one less thing they had to pay for, but mobile device use has long-term consequences. Regulation hasn't kept pace either, but that's changing, Ponemon said. Fines and lawsuits are not far behind. As the opportunity for data insecurity increases, federal, state and local agencies such as the Federal Trade Commission and even Health and Human Services are starting to look at mobile devices and trying to come up with specific guidelines that match the pervasiveness and nature of technology, he said. The discussion is in the early stages, but they're realizing the policies have to change to meet with workplace and IT realities.