GSMA Warns of Fragmentation in Cybersecurity Regulation
In a revealing new report published by the GSMA, the impact of fragmented cybersecurity regulations on mobile operators has been brought to light. The study, titled "The Impact of Cybersecurity Regulation on Mobile Operators," shows that mobile operators are currently spending between $15 billion and $19 billion annually on essential cybersecurity activities. This figure is expected to grow dramatically, potentially reaching between $40 billion and $42 billion by the year 2030.
Interestingly, despite these significant investments in cybersecurity, operators are finding themselves hindered by poorly conceived regulation that is often misaligned or overly prescriptive. Such regulations not only lead to unnecessary costs but also divert resources away from effective risk mitigation strategies. In some instances, they may actually increase exposure to cyber threats, making a strong case for reform in this area.
Michaela Angonius, the GSMA’s head of policy and regulation, emphasized the critical role mobile networks play in the global digital economy. She noted, "Mobile networks pulse with the digital heartbeat of the world. As cyber threats escalate, operators are investing heavily to secure our societies, but regulations must support these efforts, not hinder them. This report clearly illustrates that cybersecurity frameworks tend to be more effective when they are harmonized, risk-based, and founded on trust. Poorly managed regulations run the risk of mobilizing critical resources towards mere compliance instead of real security improvement."
Global Perspective
Developed in partnership with Frontier Economics, this report draws on economic analysis and interviews with operators across various regions, including Africa, Asia-Pacific, Europe, Latin America, the Middle East, and North America. It stresses that the constantly evolving nature of cyber threats is escalating costs and complexity for mobile operators, and that collaboration among governments across jurisdictions and engagement with industry stakeholders are essential to avoid unnecessary burdens on operators active in multiple markets.
The Burden of Disjointed Policies
The study identifies several widespread challenges faced by mobile operators in various markets, including:
- Fragmented and Inconsistent Regulations: Operators are often compelled to comply with overlapping or contradictory requirements from multiple agencies.
- Excessive Reporting Obligations: Sometimes, the same incident needs to be reported numerous times in different formats.
- Prescriptive Checklist Rules: There are regulations that impose specific tools or processes rather than focusing on actual security outcomes.
One operator noted that as much as 80% of their cybersecurity team's operational time is consumed by audits and compliance tasks, taking away from critical activities like threat detection and incident response.
Despite these pressures, operators have reiterated that ensuring safe and secure mobile networks remains a priority for their customers and society at large in an increasingly connected world.
Recommendations for Effective Cybersecurity Regulation
The report outlines six guiding principles for governments and policymakers to create safer and more effective cybersecurity frameworks:
1. Harmonization: Align cybersecurity policies with international standards whenever feasible to reduce fragmentation and regulatory inconsistencies.
2. Coherence: Ensure that new policies and frameworks are consistent with existing regulations to avoid duplication and conflicts.
3. Risk and Outcome-Based Approaches: Adopt risk and outcome-based strategies in the design and implementation of cybersecurity regulations, empowering operators to innovate.
4. Collaboration: Foster a regulatory culture of collaboration with the industry, supported by secure threat intelligence sharing.
5. Security by Design: Promote a proactive approach to security from the outset to mitigate cyber risks effectively.
6. Capacity Building: Enhance the institutional capacity of cybersecurity authorities to ensure a comprehensive and effective application of policies and regulations.
The report warns against unilateral and fragmented approaches that increase vulnerabilities and create inefficiencies for global operators. Michaela Angonius further stated, "Cybersecurity is a shared responsibility. To protect citizens and essential societal services, regulators and operators need to work together, guided by a common set of principles. When policy is coherent and outcome-focused, the entire digital ecosystem becomes safer."
A Call for Coordinated Global Action
Supported by the GSMA, the mobile phone sector is urging governments and regulators to alleviate undue burdens on mobile operators through collaboration and the development of reliable frameworks and mechanisms that foster innovation. This facilitation is crucial for ensuring mobile networks remain safe, resilient, and capable of supporting the increasingly digital-dependent services of society.
For more details and to access the full report, please click here.
About the GSMA
The GSMA is a global organization that unifies the mobile ecosystem to discover, develop, and deliver innovations that drive favorable economic environments and societal change. Our vision is to unleash the full power of connectivity for people, industries, and society to thrive. Representing mobile operators and organizations within the mobile ecosystem and adjacent industries, the GSMA works for its members across three main pillars: connectivity for good, services and industrial solutions, and advocacy. This involves advancing relevant policies, tackling major current societal challenges, and supporting technology and interoperability that enables mobile to function at its best.
For more information, visit gsma.com.