Lookout Survey Reveals Critical Gaps in Security Leaders’ Confidence and the Actual Vulnerability of Their Organizations

Independent Data Confirms Concerning Disconnect Between Belief and Reality When It Comes to Mobile Cybersecurity Preparedness

BOSTON–(BUSINESS WIRE)–A new global survey by Lookout, Inc., the leader in mobile endpoint security, today unveiled concerning insights into the state of mobile cybersecurity preparedness, revealing a significant gap between security leaders’ confidence and the actual vulnerability of their organizations. The survey of more than 700 security leaders globally exposes a pervasive overconfidence in employees’ ability to detect modern mobile-centric threats, leaving businesses significantly more exposed than they realize.

The survey’s most critical insights include:

• 58% of companies have experienced incidents due to executive impersonation scams via text or voice, highlighting the severe impact of sophisticated social engineering tactics.
• 77% of respondents have experienced one or more mobile phishing attacks in the past six months, underscoring the ubiquity of these threats.
• 51% admit to having inconsistent visibility of social engineering attempts, creating massive security blind spots.

Despite these alarming statistics, the survey revealed pervasive overconfidence: 96% of leaders are confident their employees can spot a phishing attempt that comes via their mobile devices. Yet, over half reported incidents where employees fell victim to executive impersonation scams, leading to financial loss or sensitive data exposure. Furthermore, even with widespread security training efforts, “lack of training” remains the top reason cited for employees clicking suspicious links, suggesting current education may not be keeping pace with the rapidly evolving modern threat landscape.

“Today’s threat actors are increasingly sophisticated, and they understand that mobile endpoints have historically been an afterthought in many enterprise security strategies,” said Jim Dolce, CEO of Lookout. “This survey clearly demonstrates that this oversight is creating a dangerous vulnerability. Attackers are aggressively targeting employees on their iOS and Android devices, using highly effective social engineering tactics delivered via SMS, voice, and messaging apps to compromise credentials and gain quiet access to enterprise data.”

These findings highlight core issues:

• A dangerous overconfidence gap: Organizations feel ready for threats but are demonstrably underprepared, leading to successful attacks.
• Inadequate visibility: Traditional security solutions often lack visibility into mobile-centric social engineering attempts, meaning many manipulative efforts go unnoticed until it’s too late.
• Outdated training: Security awareness training isn’t evolving fast enough to truly prepare employees for today’s sophisticated, mobile-focused threats.

To address these pressing challenges, Lookout emphasizes a multi-faceted approach to secure the “front line” – employees and their mobile devices. This includes:

• Implementing an AI-first social engineering and human risk solution: This provides baseline protection against today’s Modern Kill Chain.
• Integrating Mobile Endpoint Detection and Response (EDR): Gaining strategic mobile security data points, such as vulnerable assets and web traffic analysis, by integrating EDR into existing SIEM, SOAR, EDR, or XDR solutions.
• Sophisticated and ongoing security awareness training: Training specifically designed for mobile-centric threats, including simulated phishing and social engineering exercises that reflect current malicious tactics, fostering a culture of vigilance and easy, judgment-free reporting.

About the Survey

The data presented in this report is sourced from the independent research company Censuswide, which conducted the survey in June 2025. More than 700 security leaders globally were polled across various industries. Censuswide is a member of the British Polling Council and abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles.

About Lookout

Lookout, Inc. is a globally recognized cybersecurity leader delivering advanced protection for the most vulnerable element of any enterprise security strategy — human error and manipulation. Cloud-native by design, the Lookout platform offers rapid, scalable deployment and simplified security operations, defending the frontline of human-centric attacks—the mobile device.

Attackers now target the human element more than ever, with mobile devices providing the most direct path to their victims. Using social engineering techniques that exploit basic human instincts like trust, curiosity, and urgency, they deceive users into revealing sensitive credentials, allowing them to slip past legacy security solutions.

Lookout Endpoint Detection and Response (EDR) continuously monitors mobile endpoints for signs of human-centric attacks, as well as traditional malware, software vulnerabilities, and other anomalous activity. It uses advanced threat detection techniques, including artificial intelligence (AI) and behavioral analysis, to identify threats before they escalate across the enterprise.

Learn more at www.lookout.com and follow us on the Lookout Blog, LinkedIn, and X

© 2025 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.

Contacts

Lookout PR: [email protected]