GSMA Study Highlights Rising Cybersecurity Costs for Mobile Operators and Calls for Smarter Regulation
The report warns that poorly designed, misaligned, or overly prescriptive regulation can create unnecessary costs, divert resources from genuine risk mitigation, and in some cases increase exposure to cyber threats.
The GSMA has released a new independent study, The Impact of Cybersecurity Regulation on Mobile Operators, revealing that mobile operators worldwide spend between US $15–19 billion annually on core cybersecurity activities, with costs expected to rise to US $40–42 billion by 2030. The report warns that poorly designed, misaligned, or overly prescriptive regulation can create unnecessary costs, divert resources from genuine risk mitigation, and in some cases increase exposure to cyber threats.
Developed in partnership with Frontier Economics, the study draws on economic analysis and interviews with operators from Africa, Asia Pacific, Europe, Latin America, the Middle East, and North America. It highlights the rising complexity and costs of cybersecurity for global operators and stresses the need for collaboration between governments and industry to avoid redundant or conflicting requirements.
The report identifies key challenges for operators, including fragmented and inconsistent regulation, overlapping reporting obligations, and prescriptive “box-ticking” rules that mandate specific tools or processes rather than focusing on real-world security outcomes. One operator noted that up to 80% of their cybersecurity team’s time is consumed by audits and compliance tasks rather than threat detection or incident response.
To address these issues, the GSMA report outlines six principles for effective cybersecurity regulation: harmonization with international standards, consistency with existing policies, risk- and outcome-based approaches, collaboration with industry, security-by-design practices, and capacity-building for regulatory authorities. The report warns that unilateral, fragmented policies heighten vulnerabilities and create inefficiencies for operators operating across multiple jurisdictions.
The GSMA is calling on governments and regulators to coordinate globally, minimize unnecessary burdens on operators, and build trusted frameworks that allow mobile networks to remain secure, resilient, and capable of supporting critical digital services.
