Mobile Security Index
2021 Report

  • Cybersecurity is not a new issue, but the stakes are getting higher. The scale of regulatory penalties is growing, and customers—consumers, businesses and public-sector organizations alike—are becoming more sensitive to the issue. In the past, many consumers saw little difference between the security postures of the companies—such as banks and retailers—pursuing their business, and so it didn’t sway their loyalty. That’s changing, and consequently lots of companies are responding by making security and data privacy central to their value proposition. 

Please provide the information below and then check your email for a link to view the online Verizon Mobile Security Index report.

Thank you.

You will soon receive an email with a link to confirm your access. When you click to confirm from your email, your document will be available for download.

If you do not receive an email within 2 hours, please check your spam folder.

Thank you.

You may now close this message and continue to your article.

  • Figure 4
  • For more than a decade, Verizon has published some of the preeminent reports on cybersecurity, including the Data Breach Investigations Report (DBIR). This is the fourth edition of the Mobile Security Index. As the name suggests, it focuses on the threats to mobile devices; what defenses companies have in place to thwart these attacks; and how often those fail, leading to a mobile-related compromise.

    One of the key themes of the 2020 Mobile Security Index was mal-innovation. We talked about how cybercriminals were constantly finding new and often imaginative ways to carry out attacks. In another life, where their motives weren’t nefarious and the outcomes not so damaging to so many, the creativity and ingenuity shown by some of the attackers would merit fame and accolades.

    Sadly, mal-innovation continues apace, and we saw many new examples in 2020. COVID-19—you didn’t think that we’d not mention it, did you?—provided cybercriminals with new opportunities. 

  • Criminals were able to craft tailored phishing attacks very quickly. But that’s no longer a surprise. It doesn’t take a pandemic for phishing gangs to identify new ways to exploit human weaknesses to further their attacks.

    Another of the key themes of our 2020 report was how mobile devices are not just being used more, but used for more. In large part driven by apps and data in the cloud, mobile devices have evolved from being a handy companion into an essential business tool. Today, you can buy a watch that has much of the functionality smartphones had just a couple of years ago. Smartphones, tablets and other mobile devices can now be used to access core systems, edit spreadsheets and perform other mission-critical tasks.

  • When we asked respondents to our latest survey to rate how crucial mobile is to their business on a 10-point scale, 71% answered 8 or higher. But with the increased reliance on mobile devices, the risk has grown too. Mobile devices are subject to all the same risks as non-mobile user devices, plus some of their own:

  • Amplified risks

    Mobile devices can be subject to attacks that could happen on any device, but sometimes the mobile device makes them more likely to be successful.

    An example is a phishing attack. Several of the ways users spot a malicious email or website are less obvious on a small screen, meaning users may be more likely to fall for an attack.

  • Specific risks

    Mobile devices are significantly more prone to loss and theft. This can lead to the exposure of data, but often the biggest impact is on productivity.

    Because they are often used in public places—like trains and coffee shops—mobile devices are susceptible to eavesdropping, both physical and electronic.

  • Gateway risks

    Attackers can exploit mobile devices to acquire data from the cloud and other systems that they connect to.

    They can also be attacked to capture credentials, which can then be used to gain access to data in other systems.

  • We couldn’t really write this report without discussing the impact the COVID-19 pandemic has had on the nature of how we work. The number of remote workers has been growing for years, but in many companies—including Verizon—working from home went from being the exception to being the rule virtually overnight. Unsurprisingly, this led some to cut corners, including on security. Nearly a quarter (24%) of respondents to our survey said that their organization had sacrificed the security of mobile devices to facilitate their response to restrictions put in place due to the pandemic.

    Read on to learn more about the mobile security environment and understand its risks. We hope that this insight will help you to strengthen your mobile security as your digital transformation journey—and evolution to the new world of work—unfolds.

    • The findings of this report are based on a survey of 856 professionals responsible for the procurement, management or security of mobile devices. Unless stated otherwise, quoted statistics are from this survey. Other findings are based on data supplied by our contributors: Asavie, Check Point, Cylance, IBM, Lookout, MobileIron, NetMotion, Netskope, Proofpoint, Qualcomm, Thales, VMware and Wandera. For full details of the methodology, please see page 86.

Let's get started.