Mobile devices have become one of the most vulnerable gateways for cyberattacks, according to Verizon’s 2025 Mobile Security Index (MSI). The report found that 85% of organisations saw an increase in mobile attacks over the past year, while 75% boosted mobile security spending to counter the growing threat. However, the rapid adoption of generative AI (genAI) tools is expanding the attack surface and introducing new risks.
The report highlights that 34% of organisations fear that large-scale AI-powered attacks could significantly raise their risk exposure, while 38% believe ransomware will become even more dangerous when enhanced by AI. Despite these concerns, only 17% of businesses have implemented specific controls against AI-assisted attacks.
Almost all organisations (93%) said employees use genAI on mobile devices, and 64% cited data compromise through genAI as their top mobile risk. Verizon described this combination of widespread AI use and limited safeguards as a “perfect storm” of vulnerabilities, where human error continues to be the weakest link.
Human error remains the weakest link
While AI is enabling more sophisticated attacks, employee mistakes continue to play a major role in security breaches. Verizon’s findings show that 80% of organisations experienced phishing or smishing attempts targeting staff. Among those that ran smishing simulations, 39% reported that up to half their employees clicked on a malicious link.
Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon Business, said, “This year’s Mobile Security Index is a clear wake-up call: mobile security is no longer a perimeter defence, but a battle fought in the palm of every employee’s hand. With the rise of AI, we’re witnessing a Category 5 hurricane in mobile security, where AI is the wind – and human error is the open window.”
The MSI also found that 91% of organisations are confident they could detect employee misuse of mobile devices quickly, yet many still experienced significant consequences after a breach. Around 63% of respondents suffered major operational disruptions due to downtime, while half reported data loss, the most feared outcome of mobile security incidents.
Smaller firms under greater strain
The study revealed that small and medium-sized businesses (SMBs) feel particularly vulnerable to cyber threats. Over half (57%) of SMBs said they are at a disadvantage compared to larger enterprises due to limited resources, and 54% believe they have more to lose from a breach. Larger companies, meanwhile, tend to take more proactive security measures, such as providing comprehensive AI risk training (50% of enterprises versus 39% of SMBs) and implementing advanced multifactor authentication (57% versus 45%).
Despite the differences in resources, organisations of all sizes are struggling to keep up with the evolving threat landscape. Verizon’s report warns that confidence without proper investment in prevention and training can leave even the best-equipped enterprises exposed.
Building resilience in an AI-driven threat landscape
As AI continues to reshape cyber risks, Verizon emphasised the need for a unified, multi-layered approach to mobile and network security. Novak noted that, “While threats evolve, so do defences. A proactive and multi-layered approach to mobile security is no longer just a best practice, it’s a business imperative. This includes robust employee training, clear AI usage policies, and intelligent security solutions.”
The report calls for organisations to integrate mobile and network defences to ensure continuous visibility and protection. This approach enables businesses to innovate and collaborate securely while maintaining resilience against evolving cyber threats.
The 2025 MSI, based on insights from 762 professionals across various industries and regions, provides a detailed analysis of how companies are managing the intersection of AI, human behaviour, and mobile security risks.
