Apple have never really played ball...
...years ago, when at the NHS, we had NHS Mail. I may get some of this wrong as it was over 9 years ago. You could view your NHS mail on a personal device as long as it had separate encryption token or something. Annoying that I now can't remember. Anyway, it was something specific that the exchange would look for on your device. If it saw it, you could get NHS Mail, if it couldn't see it, you couldn't access it (probably more complicated than that but still)
Anyway. I had a iPod Touch at the time. It turned out, Apple were, either via a bug or on purpose, sending a flag back to the Exchange claiming it had this feature installed, when it didn't. So you could then access NHS Mail on that iPod Touch without any lock key enable or any other security. I believe this "issue" was on tech sites at the time.
It took Apple about a year to admit it and patch it. And that was a year I had NHS Mail on an unsecured iPod Touch to prove a point no one was checking.
But then that was with a trust that, after having left for months, left my NHS mail account open so for months, that iPod Touch was still getting e-mails. Until, eventually, I got bored of it and wiped it yet the account stayed open.