Below are the top take-aways from the Verizon 2025 Mobile Security Index report.
AI Threats vs. Lagging Defenses
A significant disconnect exists between the awareness of AI-driven threats and the implementation of specific defenses.
- High Concern: 77% of organizations believe AI-assisted deepfake and SMS phishing (smishing) attacks are likely to succeed.
- Low Preparedness: Despite this concern, deployment of relevant controls is dangerously low.
- Only 17% have implemented specific security controls against AI-assisted attacks.
- Only 12% have protections in place against deepfake-enhanced voice phishing.
- Only 16% have protections against zero-day exploits.
GenAI & Human Error Remain Top Risks
Widespread, unsecured use of Generative AI (GenAI) and fundamental human fallibility are the primary entry points for compromise.
- Widespread GenAI Use: 93% of organizations report employees are using GenAI tools on their mobile devices.
- Top GenAI Risk: 64% of respondents see “data compromise from employees entering sensitive information into genAI” as their top mobile device risk.
- Persistent Human Error: The human element remains a key vulnerability. In smishing simulations, 39% of organizations reported that between 26% and 50% of their employees clicked a malicious link.
- BYOD Amplifies Risk: Personal devices are a major weak point. 70% of mobile devices impacted by an attack are personal, not corporate-issued.