IDG Answers is a community of experts who are passionate about technology. Ask a question or answer one below.
I think a big part of the problem is that many people just do what they want, no matter the corporate policy. It is human nature to minimize appreciation of risk, with the implicit assumption being more or less that bad things happen to other people. If you happen to live in a state without motorcycle helmet law, just look at the number of people that ride without any protective gear. I've actually worked with a guy that crashed his bike and spent time in ICU who then made fun of me for wearing a helmet, asking me whether I was planning to crash and that if I was afraid of motorcycles maybe I shouldn't ride them. The funny thing about that is I actually race sportbikes at the amateur level, while he just rides a cruiser around town, and I've walked away from a high speed get off. Like I said, it's human nature to deny risk instead of managing them. If ICU can't teach people about risk mitigation, it's a good bet that a corporate memo outlining security risks of smartphones is going to fall on deaf ears.
It might still be worth a shot to send out a memo reminding people of all the recent phone hacking scandals, and perhaps establishing a zero tolerance policy for employees leaving their smartphones unprotected if they are used for work related purposes. Even if there is no practical way to enforce it, perhaps it would get a few more employees to take basic security measures.