Not only company systems ...
...but BYODs, too. Malware on Android is all-pervasive and continues to get worse, yet this format for doing business continues to be pushed. If you have a device issued by the company and ONLY containing company secured apps (without 'open' permissions, for example), and you restrict any additions not approved and done by IT, then you may have something workable. That means no FB, Twitter, gaming .. if you want that, then buy your own device and don't use it for work.
Keep Up with TechRepublic