Mobile operators worldwide are spending unprecedented amounts on cybersecurity, yet remain exposed to accelerating digital threats due to fragmented and overly prescriptive regulation, according to a new GSMA study that quantifies the growing financial and operational burden on the industry.
The report released recently, 'The Impact of Cybersecurity Regulation on Mobile Operators', finds that operators currently spend between US$15 billion and US$19 billion annually on core cybersecurity measures, a figure projected to rise to more than US$40 billion by 2030 as networks expand and attacks become more sophisticated.
Cyberattacks have risen by roughly 75 per cent over the past five years, the report notes, with mobile networks increasingly targeted due to their central role in digital finance, e-government, public services, and national infrastructure.
But despite the rising threat landscape, the GSMA warns that poor regulatory design is preventing operators from deploying resources where they are needed most.
In many jurisdictions, cybersecurity rules are overlapping, inconsistent, or overly prescriptive, forcing operators to prioritise compliance paperwork instead of active defence.
Some operators reported that up to half of their cybersecurity teams' time is spent meeting audit requirements rather than detecting or mitigating real threats.
The study argues that this misallocation of resources is a direct result of fragmented regulatory regimes, where multiple agencies impose duplicative reporting obligations and incompatible standards. Such an environment, it warns, creates unnecessary cost pressures while offering no meaningful improvement in security outcomes.
These findings mirror concerns long raised within Bangladesh's telecom sector, where mobile operators already face intense regulatory and fiscal pressures. High spectrum prices, complex licensing frameworks, and heavy compliance requirements have strained operators' capacity to invest in network resilience and next-generation security systems.
Shahed Alam, chief corporate and regulatory affairs officer at Robi Axiata Limited, said the GSMA's conclusions reflect "exactly the kind of regulatory bottlenecks" that could undermine Bangladesh's cyber-defence readiness if left unaddressed.
He noted that when cybersecurity regulation is fragmented or overly prescriptive, operators end up diverting critical resources into administrative processes.
"The GSMA report demonstrates that in some cases as much as 80 per cent of cybersecurity-team time is going into audits and reporting, not real security work. This is a major concern for markets like Bangladesh, where operators are already managing significant regulatory and fiscal burdens," he said.
Mr Alam stressed that without reform this dynamic could "severely constrain the industry's ability to invest in robust cyber-defence", especially as Bangladesh's digital dependence deepens through mobile financial services, online education, and e-government platforms.
He urged the government to adopt a harmonised, risk- and outcome-based cybersecurity framework, aligned across all relevant agencies. Rather than issuing multiple prescriptive rules, he said regulators should "focus on the outcomes-resilience, incident response, user-data protection-while giving operators flexibility in how to achieve them".
"This approach allows operators to invest efficiently in actual security rather than box-ticking," he added.
Need for Collaboration and Threat-Intelligence Sharing
Mr Alam also pointed to another deficiency highlighted in the GSMA study: the absence of structured collaboration between regulators and industry.
"In Bangladesh, collaboration is missing. We need regular dialogue between BTRC, operators, ISPs and security experts to share threat intelligence and build institutional capacity together," he said. Such cooperation, he noted, would encourage "security-by-design rather than ad-hoc compliance".
As Bangladesh's mobile networks become more central to economic activity, industry leaders emphasise that improving regulatory coherence is not merely a sectoral issue-it is essential for national resilience. The GSMA report, they say, underscores the urgency of ensuring that cybersecurity frameworks enable effective defence rather than diverting resources into administrative cycles at a time of rapidly evolving digital threats.
bdsmile@gmail.com
© 2025 - All Rights with The Financial Express
