The GSMA has released a new independent study, The Impact of Cybersecurity Regulation on Mobile Operators, revealing that mobile operators worldwide spend between US 15-19 billion annually on core cybersecurity activities, with costs expected to rise to US 40-42 billion by 2030. The report warns that poorly designed, misaligned, or overly prescriptive regulation can create unnecessary costs, divert resources from genuine risk mitigation, and in some cases increase exposure to cyber threats.
Developed in partnership with Frontier Economics, the study draws on economic analysis and interviews with operators from Africa, Asia Pacific, Europe, Latin America, the Middle East, and North America. It highlights the rising complexity and costs of cybersecurity for global operators and stresses the need for collaboration between governments and industry to avoid redundant or conflicting requirements.
The report identifies key challenges for operators, including fragmented and inconsistent regulation, overlapping reporting obligations, and prescriptive "box-ticking" rules that mandate specific tools or processes rather than focusing on real-world security outcomes. One operator noted that up to 80 of their cybersecurity team's time is consumed by audits and compliance tasks rather than threat detection or incident response.
