How AI & Human Error Drive a Surge in Mobile Cyberattacks

A report from Verizon Business indicates that the combination of AI and employee behaviour is creating major mobile security challenges for businesses.

The Verizon 2025 Mobile Security Index (MSI) details an evolving threat landscape where the tools transforming business operations are also being turned against them, with human fallibility often providing the point of entry.

According to Verizon’s research, 85% of organisations report an increase in mobile-based attacks, making mobile devices a primary front in cybersecurity.

This prompted three-quarters of businesses to increase their mobile security spending in the last year. However, the investment may not keep pace with the complexity of the threats, particularly those amplified by AI.

Gen AI and the expanding attack surface

The integration of Gen AI tools into daily work is rapidly expanding the potential attack surface for cybercriminals. The report finds that employees in 93% of organisations use Gen AI on their mobile devices.

This widespread adoption comes with considerable risk, as 64% of business leaders cite data compromise through Gen AI as their foremost mobile security concern.

While employees are adopting these tools, cybercriminals are simultaneously using the same technology to refine their attack methods.

This has created a gap in corporate defence, with the report revealing that only 17% of businesses have implemented specific security controls designed to mitigate AI-assisted threats, leaving a large majority exposed to this new wave of cybercrime.

“This year’s Mobile Security Index is a clear wake-up call: mobile security is no longer a perimeter defence, but a battle fought in the palm of every employee’s hand,” says Chris Novak, VP of Global Cybersecurity Solutions at Verizon Business.

He adds: “We talk about the perfect storm: with the rise of AI, we’re witnessing a Category 5 hurricane in mobile security, where AI is the wind – and human error is the open window,” he adds.

Human error as a key vulnerability

Technology alone cannot solve the security puzzle, as human behaviour remains a critical point of weakness. Verizon’s findings show that 80% of organisations have conducted smishing simulations with their employees.

In nearly four out of ten of these simulations, up to half of the employees clicked on the malicious links, illustrating a persistent challenge in corporate security awareness.

As threats become more sophisticated, the margin for human error diminishes. This suggests that investment in advanced security tools must be complemented by continuous employee education and a cultural shift towards security consciousness.

Chris explains: “The rapid adoption of Gen AI is a game-changer and businesses of all sizes must rethink security measures aimed at AI-assisted attacks and support employees in leveraging technology securely.”

The security divide between SMBs and enterprises

While all organisations are at risk, the report highlights a resource gap between small and medium-sized businesses (SMBs) and larger enterprises.

According to the data, 57% of SMBs report they do not have the necessary resources to respond effectively to a cyberattack and 54% believe they have more to lose from a security breach compared to their larger counterparts.

In contrast, larger organisations appear to be adopting a more proactive security posture.

The report notes key differences in their approach:

• 66% of enterprises provide mobile security training for employees, compared with 56% of SMBs.
• 50% of enterprises deliver AI risk education, compared with 39% of SMBs.
• 57% of enterprises have implemented advanced multifactor authentication, compared with 45% of SMBs.

Despite these differences, no business is immune to the consequences of a breach. The report shows that 63% of organisations experience operational downtime and half suffer data loss, which is often the most feared outcome of a cyber incident.

A proactive and multi-layered approach to mobile security is therefore not just a best practice but a business imperative.

“While threats evolve, so do defences,” Chris notes.

He adds: “A proactive and multi-layered approach to mobile security is no longer just a best practice; it’s a business imperative. This includes robust employee training, clear AI usage policies and intelligent security solutions.”