Original article excerpt
Server-side extracted preview paragraphs from the original source.
Verizon's latest DBIR shows attackers are turning to texts and calls as email defenses improve. Here's what businesses should do now.
Mobile attack vectors are outstripping email threats as we become more able to detect traditional phishing attempts, Verizon said in a new report exploring the data breach landscape and the impact on businesses worldwide.
In Verizon's 2026 Data Breach Investigations Report (DBIR), the company said that mobile-centric cyberattacks are increasing in popularity and have a higher click rate than the same phishing attempts sent via email, which raises questions about whether our existing phishing protections are adequate.
Based on data collected from more than 31,000 real-world security incidents in 2025, with 22,000 confirmed data breaches impacting organizations in 145 countries, Verizon says that "mobile is more dangerous than email."
A set of phishing simulation assessments backs up this claim, in which mobile-centric attack vectors -- including voice-based phishing (vishing) and text scams -- were successful lures, achieving a 40% higher click-through rate than traditional email phishing scams.
People are often the weakest link in security systems, and threat actors know it. However, that doesn't mean we aren't improving our general cybersecurity awareness; it just means cybercriminals are switching up their tactics.
According to Verizon's report, the "human element" was present in 62% of known and recorded data breaches, a marginal increase of 2% year over year.