A lost iPhone can be as bad as losing a wallet. Sometimes it can be much, much worse. Whether it was stolen, actually lost, or just gone - like at the bottom of a pool - doesn't matter.
NOTE: This advice is the same for any Android and some Windows phones as well.
What to do now:
1) Remotely wipe the device. Regardless of what happened you should immediately start the remote wipe process. It's easy from iCloud. Any smartphone can be wiped from modern Exchange email including Office 365.
2) Call your wireless carrier. They can remotely disable the phone as well to prevent unauthorized calls or charges.
3) Reset passwords on any accounts accessible through your phone such as your bank, Paypal, email, etc.
Prepare for the next time this will happen:
1) Always require a PIN or password on your smartphone. This should be corporate policy and is enforceable centrally. IT can require all phones that access the email system have a PIN or password.
2) Implement a mobile device policy. Some staff may not want to erase a phone if there are baby pictures or other personal data on it. Maybe it will show up tomorrow" they say. If there is corporate data on the phone the IT department needs to be informed immediately when it is lost and the phone needs to be erased.
3) Encrypt your phone. This is nearly a full-proof way of ensuring no one will access the pictures, emails, or other items on your phone without your password. Forget the password and that means you too!
Encrypt your Android (some models/versions will vary)