Verizon: AI and Human Error Fuel Mobile Security Threats

A report from Verizon Business illustrates the security challenges organisations now face, as the combination of artificial intelligence (AI) and human fallibility creates a volatile risk environment.

The Verizon 2025 Mobile Security Index (MSI) suggests that the intersection of sophisticated AI-driven cybercrime and common human mistakes is creating major mobile threats.

According to the research, 85% of organisations reported an increase in mobile-based attacks.

This indicates that mobile devices are now a primary focus for cybercriminals.

In response, three-quarters of businesses have elevated their spending on mobile security within the last year, though the effectiveness of this investment is still under review.

AI integration and the expanding attack surface

The integration of Gen AI tools into daily business operations is a key factor in expanding the corporate attack surface.

The Verizon report found that employees in 93% of organisations use Gen AI on their mobile devices.

Furthermore, 64% of those surveyed cited data compromise through generative AI as their biggest mobile security concern.

While businesses adopt AI, cybercriminals are also leveraging the technology to refine their own methods.

A potential vulnerability is highlighted by the finding that only 17% of businesses have implemented security controls specifically designed to address AI-assisted threats.

Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon Business, explains: “This year’s Mobile Security Index is a clear wake-up call: mobile security is no longer a perimeter defence, but a battle fought in the palm of every employee’s hand. We talk about the perfect storm: with the rise of AI, we’re witnessing a Category 5 hurricane in mobile security, where AI is the wind – and human error is the open window.”

The human element and phishing vulnerabilities

Technology advancements alone may not be sufficient to counter evolving threats, as human behaviour remains a central point of weakness.

Verizon’s data shows that 80% of organisations have conducted smishing simulations with their employees. In almost four out of 10 of these tests, up to half of the employees engaged with the malicious links.

This suggests a persistent challenge for organisations, where the margin for human error is decreasing as threats become more advanced.

Investment in continuous employee education and awareness programmes could be crucial for building a security-conscious culture.

Chris says: “The rapid adoption of Gen AI is a game-changer and businesses of all sizes must rethink security measures aimed at AI-assisted attacks and support employees in leveraging technology securely.”

The resource divide between SMBs and enterprises

While all organisations are susceptible to cyber threats, small and medium-sized businesses (SMBs) report facing greater challenges.

According to the index, 57% of SMBs state they do not have the necessary resources to respond effectively to a cyberattack.

Additionally, 54% believe a security breach would be more detrimental to them compared to larger enterprises.

In contrast, larger organisations appear to adopt a more proactive security posture.

The report highlights several key differences:

• 66% of enterprises offer mobile security training to employees, compared to 56% of SMB
• 50% of large enterprises provide education on AI-related risks, whereas only 39% of SMBs do so
• Advanced multifactor authentication has been implemented by 57% of enterprises, versus 45% of SMBs.

Regardless of size, business disruption is a common outcome. The report indicates that 63% of organisations experienced major operational downtime following an incident, and half suffered data loss.

A unified strategy that integrates mobile and network security is essential for building resilience.

“While threats evolve, so do defences,” Chris notes.

“A proactive and multi-layered approach to mobile security is no longer just a best practice; it’s a business imperative.

“This includes robust employee training, clear AI usage policies and intelligent security solutions.”

This alignment can help organisations better identify and mitigate complex risks as their digital ecosystems expand.