Mobile operators face rising costs and heightened risks due to fragmented cybersecurity regulations, according to Groupe Spéciale Mobile Association (GSMA) reports, urging governments to harmonize rules to protect both networks and users.
A GSMA study, “The Impact of Cybersecurity Regulation on Mobile Operators”, shows that telecom operators currently spend $15–19 billion annually on cybersecurity, a figure expected to rise to $40–42 billion by 2030. Despite these investments, fragmented and prescriptive regulations increase costs, divert resources from real threat mitigation, and in some cases, heighten cyber risks.
GSMA Head of Policy and Regulation, Michaela Angonius, said, “Mobile networks carry the world’s digital heartbeat. Regulation must help, not hinder. Harmonized, risk-based frameworks are essential to ensure operators focus on security rather than compliance for its own sake.”
The report, developed with Frontier Economics, highlights challenges including overlapping reporting obligations, inconsistent rules across jurisdictions, and “box-ticking” mandates that emphasize processes over outcomes. Operators report spending up to 80% of cybersecurity team hours on audits rather than threat detection.
To address these issues, GSMA recommends six principles for policymakers: harmonization with international standards, regulatory consistency, risk and outcome-based approaches, collaboration with industry, proactive security-by-design, and capacity-building for effective governance.
Angonius added: “Cybersecurity is a shared responsibility. Coherent, outcome-focused policies make the entire digital ecosystem safer”.
GSMA calls on governments to reduce regulatory burdens and foster trusted frameworks that allow mobile networks to remain secure, resilient, and capable of supporting the growing digital economy.
About the Author
