EY: Cybersecurity the top risk for telcos in 2024

When EY publishes its annual study on the "top ten risks" facing the telecom sector for the coming year, cybersecurity is usually in the top three. For the consultancy’s 2024 edition it has moved, ominously, into the number one position.  

"Our own research indicates that telcos are spending more annually on dealing with cyber threats, but there has been a layering of maybe additional anxiety because of GenAI," Adrian Baschnonga, lead analyst at EY's Global TMT division, told Light Reading. "There’s an accountability and transparency need that seems to be growing compared to, say, the last wave of privacy and data security regulation surrounding GDPR [general data protection regulation]."

EY frames the number one 2024 risk as "underestimating changing imperatives in privacy, security and trust," which is based on qualitative input (conversations with C-level execs) combined with its own quantitative research.

The latter finds an equal measure of optimism and concern when it comes to Generative AI, which, using large language models, can create new material ranging from text to images and music.

In a recent EY study of attitudes towards AI, four in five telcos – encouraged that GenAI offers major opportunities to accelerate digital transformation across their business – agreed that AI was a "force for good." However, nearly as many accepted there were security and related risks to consider. About three quarters of TMT companies believed they needed to do more to mitigate against AI "bad actors."

More GenAI, more risk

The initial telco use cases for GenAI tools typically revolve around customer interactions and making them more efficient. Improving network automation with clever AI algorithms (based on machine learning) is another goal, albeit perhaps a bit further down the line.

"All this raises a number of questions," added Tom Loozen, global telecommunications leader at EY. "What type of data will you capture? How do you store it? There are a lot of additional things to suddenly consider." 

And the data governance stakes markedly increase, he noted, if the data breached extends beyond customer interactions to core network operations. "Telcos’ dependency on being secure and having the right data to inform various functions will only become larger," said Loozen.

Other EY research reveals a failure among the non-IT workforce to adhere to best security practice – cited by 52% of telcos in a cybersecurity study (well above the cross-sector average of 38%) – and a perception of too many attack surfaces to protect.

Both Baschnonga and Loozen caveated, however, that these findings should not necessarily be taken at face value. "I think [telcos] are very aware of how things should be [on adopting best practice], which makes them more self-critical," suggested Loozen.

Longstanding risks

Among the other top ten risks facing telcos in 2024 are a number of perennials previously identified by EY: insufficient talent and skills management (third); inability to take advantage of new business models (fifth); inefficient engagement with external ecosystems (eighth); and failure to maximize the value of infrastructure assets, although this seems to be receding (tenth).

Loozen, however, identified number five (not taking advantage of new business models) as a risk that may also recede in the coming years for those telcos aiming to unlock revenue streams in the B2B space.

Despite telcos suffering a longstanding "credibility gap" in the eyes of enterprises when it comes to digital transformation, often playing second and third fiddle to other players in the ecosystem (systems integrators and professional services firms), Loozen anticipated a more prominent role for telcos looking to grow the top line via B2B services. "I would expect things to become a bit more favorable for them when they really go into providing services enabled by 5G SA – a trigger for network slicing – and [adopt] open API programmable interfaces," he said.

Programmable networks with security on demand – or being able to scale up QoS at a specific spot and at a specific time – were among the promising capabilities flagged by Loozen to enable telcos to make inroads into the enterprise market.        

Occupying the number four position in EY’s 2024 risk ranking is "poor management of sustainability agenda," although Baschnonga does not see telcos as being particularly lax when compared with other industry sectors. "What's notable in the last 12 months is a drive to broaden reporting around ESG, which is a challenge for them, particularly on Scope 3 emissions," he said.

The number one risk identified by EY for 2023 – insufficient response to customers during the cost-of-living crisis – only slipped down to number two for 2024. EY research indicates there is strong demand from consumers for greater price transparency and fixed price guarantees over the lifetime of a contact.