Cybersecurity spending by mobile operators is rising sharply as threats become more frequent and complex. A new GSMA Intelligence study indicates that operators worldwide could spend between $40 billion and $42 billion on cybersecurity by 2030, reflecting its growing importance across all layers of mobile network operations.
The GSMA report estimates global core cybersecurity spending at $15 to $19 billion per year. This covers functions explicitly assigned to cybersecurity within IT budgets, excluding broader areas like network equipment, resilience investments, governance, and workforce training. Spending varies significantly by operator size. Smaller operators often face higher cybersecurity costs relative to revenue, and the same trend is visible in low and middle income countries where structural challenges shape both the scale and nature of required investments.
Cybersecurity has become a strategic priority that touches every aspect of a mobile operator’s business. It now influences vendor and supply chain choices, network design, product development, customer data policies, and compliance requirements. Security-by-design principles add complexity to development timelines, while staff need constant upskilling to respond to evolving threats. Breach notification protocols and transparency requirements have also reshaped customer engagement practices.
The study highlights that cybersecurity costs extend far beyond traditional IT budgets. Operators must also invest in network resilience, governance, compliance processes, training, and supply chain assurance. These layers form the full scope of cybersecurity expenditures, much of which is difficult to quantify because security is embedded across all network activities. When operators deploy new technologies or upgrade systems, they must integrate the latest security standards, making it difficult to separate cybersecurity costs from overall network investment.
Spending patterns have shifted in recent years. The industry has moved from reactive operational security to more proactive, security-by-design frameworks that prioritize long-term risk management and resilience. Personnel remain the largest cost component, underscoring the importance of skilled cybersecurity talent. Software investment is rising, hardware spending is declining, and operators increasingly rely on external services such as managed security, audits, and consulting. This reflects a wider transition toward flexible, cloud-driven security solutions.
Mobile operators also report that cybersecurity budgets often compete with other capital and operational priorities. When unexpected cybersecurity costs arise, they can delay or displace projects related to service enhancements, network quality, or new product development. Although operators do not directly pass compliance costs to consumers, diverting funds away from innovation and resilience can lead to longer service disruptions, slower recovery from cyber incidents, reduced protection from emerging threats, and fewer options for secure connectivity.
Major cyber security incidents in telecom industry
South Korea’s SK Telecom confirmed a large breach in April 2025: attackers gained access to SIM-related data for over 23 million customers, including USIM authentication keys and IMSI identifiers. Regulators fined SK Telecom nearly $97 million citing poor security governance and inadequate response.
European operator Orange suffered a cyberattack in July 2025 that disrupted some business services. Orange Belgium disclosed a data breach affecting around 850,000 customers — names, phone numbers, SIM/PUK codes and tariff plans were exposed, though no financial details were compromised.
Russian telecom provider Beeline faced a major cyberattack in 2025. The company said a distributed denial-of-service (DDoS) attack disrupted account-management features and online services for its tens of millions of users, though customer data was not accessed.
Australian internet provider Vocus reported a cyber-security incident in October 2025 that involved “suspicious activity” in its email systems. The breach affected about 1,600 home internet and mobile customers; Vocus suspended email services while investigating.
GSMA has also revealed six recommendations for mobile operators
# 1 Harmonisation – Align national cybersecurity policies with global standards like ISO 27001 and NIST to reduce duplication, simplify compliance, and improve coordinated responses to cross border threats.
# 2 Consistency – Ensure new cybersecurity regulations are coherent with existing policies across the digital ecosystem, preventing conflicting requirements as technology evolves.
# 3 Risk and outcome based approach – Frame cybersecurity obligations around actual risk levels and clear objectives, allowing operators flexibility to meet requirements in the most efficient and effective way for their operations.
# 4 Collaboration – Promote a cooperative regulatory environment where industry consultation, shared threat intelligence, and streamlined reporting strengthen resilience instead of punitive enforcement.
# 5 Security by design – Encourage proactive investment in security built into systems from the start, including early threat detection, risk mitigation strategies, and crisis simulations to reduce long term vulnerabilities and costs.
# 6 Capacity building – Equip regulators and cybersecurity authorities with sufficient technical expertise, financial resources, and institutional strength to implement and enforce effective cybersecurity frameworks.
Baburajan Kizhakedath