Mobile network operators are ramping up investments in cybersecurity as cyber threats intensify and digital infrastructure becomes increasingly vital. According to a new GSMA study, operators now devote $15 billion to $19 billion annually to core security activities — a figure projected to climb to $42 billion by 2030.
The Digital Heartbeat Under Threat
Mobile networks carry what the GSMA calls “the world’s digital heartbeat”, supporting everything from financial transactions to emergency communications. As cyber threats escalate, these networks have become prime targets for hackers and malicious actors, with attacks ranging from DDoS campaigns to sophisticated persistent intrusions.
Michaela Angonius, GSMA Head of Policy and Regulation, stressed:
“As cyber threats escalate, operators are investing heavily to keep societies safe, but regulation must help, not hinder, those efforts.”
Regulation: Friend or Foe?
The GSMA report, The Impact of Cybersecurity Regulation on Mobile Operators, highlights that much of the rising cybersecurity bill is driven by regulatory complexity, not just hackers. Poorly aligned or prescriptive rules can divert resources away from real security improvements, with one operator reporting that 80% of its cybersecurity team’s timeis spent on audits and compliance rather than threat mitigation.
Fragmented rules across multiple jurisdictions exacerbate the problem, forcing operators to report the same incident multiple times in different formats. The GSMA warns that such duplication and box-ticking approaches increase costs and, paradoxically, risk exposure.
A Global Perspective
Developed in partnership with Frontier Economics, the GSMA study incorporates interviews with operators across Africa, Asia Pacific, Europe, Latin America, the Middle East, and North America, providing a comprehensive view of how cybersecurity costs and complexities vary across regions.
As networks expand into cloud services, IoT, mobile money, and smart connectivity, operators face a growing perimeter to secure. Regulatory requirements that fail to adapt to these modern risks create inefficiencies and raise overall vulnerability.
Principles for Smarter Regulation
To address these challenges, the GSMA recommends six guiding principles for governments and regulators:
-
Harmonize with international standards to reduce fragmentation.
-
Align with existing frameworks to avoid duplication.
-
Focus on risk- and outcome-based approaches rather than prescriptive rules.
-
Foster collaboration through secure threat intelligence sharing.
-
Embed security-by-design across all network services.
-
Strengthen institutional capacity of cybersecurity authorities for coherent policy enforcement.
When applied effectively, these principles help ensure regulations support innovation and resilience, rather than creating costly inefficiencies.
The Rising Cost of Cybersecurity
Beyond regulatory burdens, telcos are facing escalating threat complexity. Generative AI, automation, and multi-vector attacks require advanced defenses and 24/7 monitoring. Total cybersecurity spending now ranges from $15 billion to $19 billion per year, and analysts forecast it could nearly double by 2030, highlighting the growing economic importance of robust security measures.
Collaboration Is Key
Angonius emphasizes that cybersecurity is a shared responsibility:
“To protect citizens and critical societal services, regulators and operators should work together, guided by a common set of principles. When policy is coherent and outcomes-focused, the entire digital ecosystem becomes safer.”
The GSMA and the mobile industry are calling for trusted, coordinated frameworks that reduce unnecessary burdens, encourage innovation, and strengthen the resilience of global mobile networks.
Conclusion: Securing the Future of Connectivity
As the world becomes ever more dependent on digital infrastructure, mobile operators are at the forefront of protecting the critical networks that underpin commerce, communication, and public services. Strategic investments, combined with smart, harmonised regulation, will be crucial in keeping the digital economy safe while allowing innovation to flourish.