Verizon Business doesn’t pull any punches in the 2025 Mobile Security Index. Its new report said that persistent human error and proliferation of artificial intelligence (AI)-powered attacks are causing big problems.
The organization found that 85% of organizations reported an increase in mobile attacks and that 63% experienced downtime lasting more than one day. This was a 16% jump from last year. The survey found that half of respondents lost data and 36% “faced cyber insurance penalties.”
AI is a powerful tool for bad actors who rely on the carelessness of many employees. Ninety-three percent of organizations surveyed for the report said folks who work for them use generative AI on their mobile devices.
It’s a big deal: 64% of responding companies cite data compromises stemming from employees inputting sensitive information into these platforms as their top mobile risk. Despite the dangers, the report found that less than half — 45% — of surveyed organizations provide comprehensive training on the risks of mobile AI tools.
Human error was called the top contributor to breaches by 44% of respondents, while 57% of small and medium size businesses believe they are at a disadvantage compared to enterprises in terms of resources.
There is some hope, however: Organizations that use mobile device management (MDM) approaches clearly are better off.
The survey found that only 12% of surveyed organizations that followed eight mobile device management steps suffered major repercussions, while 63% who did not follow the steps did have such problems. The report found that MDM users were more likely than non-users to enforce generative AI polices (59% versus 45%). Organizations using MDM are less likely to report extreme mobile risk (15% versus 31%).
The threats seem almost endless. Earlier this month, the 2025 Comcast Business Threat Report said that there have been 35 billion cybersecurity events this year. The report cited 19.5 billion resource development events; 9.7 billion drive-by compromise events; 4.7 billion phishing events attempting to compromise credentials or deliver malware; and 4,000 DDoS attacks attempting to test or overwhelm defenses.
