The mobile industry, supported by the GSMA, calls for harmonised, risk-based and collaborative policy frameworks to strengthen global cyber resilience.
26th November 2025, Doha: The GSMA today released a major new independent study, The Impact of Cybersecurity Regulation on Mobile Operators, revealing that mobile operators are spending between US $15-19 billion annually on core cybersecurity activities, a figure expected to rise to US $40-42 billion by 2030. Despite this significant investment, mobile network operators, who form the backbone of digital economies worldwide, are impacted by poorly designed, misaligned or overly prescriptive regulation, which results in unnecessary costs, diverting resources from genuine risk mitigation, and in some cases increasing exposure to cyber threats.
Michaela Angonius, GSMA Head of Policy and Regulation, said: “Mobile networks carry the world’s digital heartbeat. As cyber threats escalate, operators are investing heavily to keep societies safe – but regulation must help, not hinder, those efforts. This report makes clear that cybersecurity frameworks work best when they are harmonised, risk-based and built on trust. When done poorly, regulation can redirect critical resources away from real security improvements and toward compliance for its own sake.”
A global perspective
Developed in partnership with Frontier Economics, the report draws on economic analysis and operator interviews representing the Africa, Asia Pacific, Europe, Latin America, Middle East and North America regions. It highlights how the fast-changing nature of cyber threats is driving up the costs and complexity for mobile operators across the globe, making collaboration between governments in different jurisdictions and engagement with industry vital in avoiding unnecessary costs for those operators present in multiple markets.
Policy misalignment is creating unnecessary burdens:
The study identifies widespread challenges across markets, including:
- Fragmented and inconsistent regulation, forcing operators to comply with overlapping or contradictory requirements from multiple agencies.
- A proliferation of reporting obligations, sometimes requiring the same incident to be reported multiple times in different formats.
- Prescriptive “box-ticking” rules that mandate tools or processes rather than focusing on real-world security outcomes.
One operator reported that up to 80% of their cybersecurity operations team’s time is spent on audits and compliance tasks, rather than threat detection or incident response.
Despite these pressures, operators emphasised that ensuring safe and secure mobile networks is a priority for their customers and for society as a whole in a digitally connected world.
Six principles for effective cybersecurity regulation:
The report outlines a blueprint for governments and policymakers to build more secure and efficient frameworks, and design cybersecurity policies according to six core principles:
- Harmonisation: Align cybersecurity policy with international standards where possible, to reduce regulatory fragmentation and inconsistency.
- Consistency: Ensure new policies and frameworks are consistent with existing policy to avoid duplication or conflict.
- Risk- and outcome-based: Adopt risk- and outcome-based approaches in the design and implementation of cybersecurity regulation, giving operators flexibility to innovate.
- Collaboration: Promote a collaborative regulatory culture with industry, supported by secure threat intelligence sharing.
- Security-by-design: Encourage a proactive, security-by-design approach to mitigating cyber risks.
- Capacity-building: Strengthen the institutional capacity of cybersecurity authorities to ensure a whole-of-government approach and effective application of policy and regulation.
The report warns that unilateral, fragmented approaches heighten vulnerabilities and create inefficiencies for global operators.
Michaela Angonius added: “Cybersecurity is a shared responsibility. To protect citizens and critical societal services, regulators and operators should work together, guided by a common set of principles. When policy is coherent and outcomes-focused, the entire digital ecosystem becomes safer.”
A call for coordinated global action:
The mobile industry, supported by the GSMA, is calling on governments and regulators to minimise unnecessary burdens on mobile operators by collaborating and building trusted frameworks and mechanisms that foster innovation to enable mobile networks to remain secure, resilient, and capable of supporting the digital services that societies increasingly rely on.
For more information and to access the full report, see here.
– ENDS –
About the GSMA
The GSMA is a global organisation unifying the mobile ecosystem to discover, develop and deliver innovation foundational to positive business environments and societal change. Our vision is to unlock the full power of connectivity so that people, industry, and society thrive. Representing mobile operators and organisations across the mobile ecosystem and adjacent industries, the GSMA delivers for its members across three broad pillars: Connectivity for Good, Industry Services and Solutions, and Outreach. This activity includes advancing policy, tackling today’s biggest societal challenges, underpinning the technology and interoperability that make mobile work, and providing the world’s largest platform to convene the mobile ecosystem at the MWC and M360 series of events.
We invite you to find out more at gsma.com
Media Contacts
GSMA Press Office
[email protected]
About Frontier Economics
Frontier Economics is a leading international specialist economics consultancy, using economic principles to provide clear advice and analysis on complex matters to many of the world’s largest companies, leading sector regulators, government departments and international organisations. With over 350+ staff in Dublin, Amsterdam, Berlin, Brussels, Cologne, London, Madrid, Paris and Prague, Frontier Economics is one of the largest and most influential economic consulting firms in Europe, with experts across a full range of industries, including digital markets, telecommunications, energy, transport, post, water and health. Frontier works closely with its sister and legally separate company, Frontier Economics Australia.