With a lost iOS device there are a number of things that need to be considered. Even though all data on modern iOS devices is stored in an encrypted form using the hardware based encryption without a passcode the data is still accessible. If the device was secured using a passcode the attacker would have to brute force the passcode to gain access to the device and the data contained on it. Brute forcing a long passcode could take a considerable amount of time as the attack would have to be carried out on the physical mobile device due to the hardware encryption. If the setting or policy was set so the device would automatically wipe itself after ten invalid attempts, the data should be considered more secure unless the passcode was easy to guess.