Cybersecurity in digital transformation and the role of AI
Digital transformation is crucial to realising the mobile industry’s unique opportunities – but also introduces new cybersecurity challenges. As operators and their partners increasingly embrace cloud computing, IoT, and AI-driven solutions, they face expanding threat landscapes. The more complex and various the connections between networks, devices and services become, the larger the potential attack surface becomes. Operators must, therefore, integrate cybersecurity into every element of their network infrastructure to prevent large-scale attacks that could compromise millions of users in an instant.
The sobering reality is that hackers are becoming ever more adept at breaching cybersecurity defences. Two years ago, data exfiltration attacks took nine days on average. Today, in over 50% of cases, they happen within one day—with 20% in under an hour. The average cost of data breaches has also leapt from $4.24m in 2021 to $4.88m last year. This is in large part because, while AI is transforming cybersecurity in digital transformation, it’s also being exploited by attackers. Cybercriminals now use AI to automate phishing campaigns, enhance malware capabilities, and evade traditional security defences.
With cyberattacks becoming faster, more frequent, and more sophisticated, operators must adapt to meet their growing responsibility – not only to themselves but to the wider world. Cybersecurity in digital transformation processes is no longer just about protecting networks – it’s about securing entire digital ecosystems that support global economies. Alarmingly, 80% of attacks on networks are now not only trying to steal information but to disrupt the infrastructure itself in the process. A price we pay for the possibilities of digital transformation, then, is the need to prioritise cybersecurity above almost any other consideration.
Cybersecurity in digital transformation is too complex for humans alone
This was the focus of our first Security Summit session at MWC25, ‘Digital Transformation and the Security Imperative’. But as CEO for EMEA and LATAM at Palo Alto Helmut Reisinger explained, it’s no easy task. 52% of C-level executives cite complexity as the greatest barrier to achieving cybersecurity in digital transformation. The complexity now inherent to this task cannot be managed through classical approaches.
“Humans alone cannot solve cybersecurity challenges,” warned Helmut. “We need to fight AI with AI.” This means implementing AI-driven threat intelligence, behavioural analytics, and automated response mechanisms. With growing reliance on cloud-based infrastructure, operators and their partners must be able to detect, analyse, and neutralise threats in real time. Embracing AI in the fight for secure digital transformation doesn’t only allow for quicker reactions and rapid pattern recognition, however. It also makes integration of security across assets, technologies and platforms far more achievable.
Fragmentation of security systems and tools – across different areas of organisations or network – was a primary concern among contributing experts at the Summit. “Cybersecurity cannot function in silos,” warned Howard Watson, CSO at BT. “We must create a unified security framework that seamlessly integrates across cloud environments, IoT devices, and corporate networks.” Converged security solutions can support centralised monitoring, automated incident response, and continuous compliance management.
Modular platformisation through AI is the future of cybersecurity
CSO of MTN Justin Williams agreed on the need for standardised cybersecurity frameworks to prevent a frequent scenario where different teams use conflicting practices. This will increasingly rely on modular platformisation. This means AI-powered management and operations applied across entire estates. This allows for the ability to write policy once and enforce it anywhere – or single sensors informing multiple form factors. The step-change in efficiency this allows can provide a form of direct commercial competitive advantage. 96% of security executives in organisations using the approach see security as a source of commercial value, compared to only 8% in non-platformised organisations.
“But AI adoption must be carefully regulated,” cautioned Justin Williams. Every organisation must have a responsible AI policy. Without standardisation and monitoring, AI itself could introduce vulnerabilities.” There was emphatic agreement that AI deployments must be transparent, ethical, and continuously refined to prevent its misuse. But part of making a success of AI in cybersecurity for digital transformation is cultural, rather than purely technological or regulatory.
That means being able to admit mistakes quickly, and allowing the lessons to be learned while they are most useful. “It’s about failing fast,” said Jason Ruger, CSO of Lenovo. “It’s about failing fast. If employees and customers are going to use new tech, we need early insights into risks. Cybersecurity must be ingrained in company culture. Employees shouldn’t be afraid to report incidents. Trust is essential.” Ingraining cybersecurity into company culture can take many forms, a popular current example being gamified training in phishing simulations and cloud adoption policy.
Digital transformation relies on trust within organisations, but zero-trust in systems
Trust among staff – that management will treat errors as an opportunity to learn – is crucial to buy-in across a large organisation pursuing digital transformation. But that is not the same as trust at points of entry. Much of the purpose of deploying AI in cybersecurity is eliminating the need for trust at the systems level – to achieve zero-trust security models. The unfortunate reality is many security breaches originate through insider collusion or error. This points to the need for elimination of sole human oversight where practical, and expansion of continuous authentication of people, devices and purpose at every stage of activity.
“We are only as strong as the weakest link in the chain,” noted Laura Iglesias, Vodafone’s Head of Cybersecurity European Markets. But zero-trust systems are not cheap or easy to implement. Board members generally want to invest in security, but need clear risk reduction metrics. “Executives don’t always understand probability vs. impact. We need to share real-world case studies to illustrate the potential damage of cyber breaches.”
Organisations must quantify risk reduction in financial terms, demonstrate compliance benefits, and highlight cost savings from automated security solutions. In this way cybersecurity budgets can be justified, and cybersecurity seen as a driver of innovation rather than an obstacle. “Cybersecurity must be modular, scalable, and integrated into digital transformation initiatives,” summarised Helmut Reisinger. By achieving this, operators can secure digital ecosystems, protect customer data, and drive innovation with confidence.