A perfect storm of generative artificial intelligence and persistent human fallibility is creating unprecedented mobile security challenges for businesses, according to a new report. The proliferation of powerful AI tools on mobile devices, used by employees often without specific security controls, is dramatically expanding the digital attack surface. Cybercriminals are exploiting this new landscape, leveraging the same AI technologies to create more sophisticated, personalized, and effective attacks that prey on human behavior.
According to the Verizon 2025 Mobile Security Index, the scale of the problem is significant and growing. A striking 85% of organizations reported an increase in mobile-based attacks over the past year. This has prompted three-quarters of businesses to increase their mobile security spending. However, these investments are struggling to keep pace with a rapidly evolving threat landscape where AI-driven phishing, smishing, and voice cloning attacks are becoming commonplace. The core issue remains the interaction between advanced technology and fundamental human error, a combination that leaves corporate defenses dangerously exposed.
A New Generation of AI-Driven Threats
The widespread integration of generative AI into daily workflows has been a watershed moment for both productivity and vulnerability. The Verizon report finds that employees in 93% of organizations now use generative AI tools on their mobile devices. This adoption has been swift, but corporate security policies have been slow to adapt. A concerning 64% of business leaders now cite data compromise through generative AI as their foremost mobile security concern. Despite this, only 17% of businesses have implemented specific security controls designed to mitigate AI-assisted threats, leaving a vast majority vulnerable.
Malicious actors are using AI to automate and enhance their attack methods at an alarming rate. AI is being used to write highly convincing phishing emails, with some data suggesting that AI is used in some form in over 82% of such emails. These AI-crafted messages are harder for employees to detect and can bypass traditional security filters more effectively. Beyond text, criminals are employing AI for deepfake scams and voice cloning to impersonate executives in business email compromise (BEC) schemes. The number of reported AI-enabled cyberattacks rose by 47% globally in 2025, with the average cost of such a data breach reaching $5.72 million.
The Persistent Vulnerability of Human Error
While technology creates new vectors for attack, human behavior remains the most reliable point of entry for cybercriminals. Human error is a factor in the vast majority of security breaches, with some studies attributing as many as 95% of breaches to mistakes made by employees. This vulnerability is starkly illustrated by the continued success of phishing and smishing (SMS phishing) campaigns. According to Verizon’s findings, 80% of organizations have conducted smishing simulations with their employees. In nearly four out of ten of those tests, up to half of the employees clicked on the malicious links, demonstrating a critical gap in security awareness and training.
The immediacy and personal nature of mobile communication make users particularly susceptible. Smishing attacks have a significantly higher success rate than email-based phishing, as users tend to place more trust in text messages. The risk is compounded by employee carelessness, such as using weak passwords, failing to follow security protocols, or sending sensitive information to the wrong recipients. Despite widespread training efforts, employee fatigue and simple mistakes continue to undermine even robust technological defenses, making it imperative for organizations to complement technical controls with continuous, targeted education that addresses the psychological elements of social engineering.
The Widening Security Divide for SMBs
While all businesses face these escalating threats, a significant resource gap exists between small and medium-sized businesses (SMBs) and their larger enterprise counterparts. According to the data, 57% of SMBs report they do not have the necessary resources to respond effectively to a cyberattack, and 54% believe they have more to lose from a security breach compared to larger companies. This disparity is reflected in their security practices. Enterprises are generally more proactive in implementing crucial defenses.
The Verizon report highlights key differences in preparedness:
- Security Training: 66% of enterprises provide mobile security training for employees, compared to just 56% of SMBs.
- AI Risk Education: Half of all enterprises deliver specific AI risk education, while only 39% of SMBs do the same.
- Authentication: 57% of enterprises have implemented advanced multifactor authentication (MFA), a critical defense layer, compared to 45% of SMBs.
This resource deficit leaves SMBs disproportionately vulnerable. Cybercriminals often view them as softer targets, using them as a potential gateway to attack larger partners within the supply chain. The lack of skilled security personnel, reliance on outdated technology, and overworked IT teams further compound the security challenges faced by smaller organizations.
Consequences of Inadequate Mobile Defense
The impact of a successful mobile-initiated cyberattack can be severe and multifaceted. It is not merely a matter of financial loss, but a significant disruption to business operations and a potential loss of customer trust. The Verizon study found that 63% of organizations that experienced a breach suffered from operational downtime, a 16% increase from the previous year. For many, this downtime lasted more than a single day. Perhaps more critically, half of the surveyed organizations suffered data loss, which is often the most damaging outcome of a cyber incident.
The financial ramifications are substantial. The global average cost of a data breach continues to climb, with AI-powered attacks proving particularly expensive. Beyond the immediate costs of remediation, businesses may face regulatory fines, cyber insurance penalties, and lasting reputational damage. For SMBs, which often operate with tighter margins and fewer resources, the consequences of a breach can be existential.
Crafting a Multi-Layered Security Strategy
Addressing the modern threat landscape requires a strategic, multi-layered approach that acknowledges the dual risks of advanced technology and human error. As Chris Novak, VP of Global Cybersecurity Solutions at Verizon Business, stated, this new reality demands that businesses rethink security measures aimed at AI-assisted attacks. A proactive defense strategy must be built on several key pillars. This includes the implementation of robust technical controls, such as mobile device management (MDM) solutions, which can enforce security policies and reduce risk.
Furthermore, organizations must invest heavily in their “human firewall.” This means moving beyond basic, one-size-fits-all security training. Continuous education programs that simulate real-world threats, like phishing and smishing, are essential to build employee resilience. Clear and enforceable policies regarding the use of generative AI tools on company devices are also critical. Finally, adopting advanced security measures like multi-factor authentication and AI-powered threat detection systems can help organizations identify and respond to threats faster, mitigating the impact of an attack before it can cause significant damage.