EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Without unnecessary suspense, the single biggest challenge facing telcos through 2026 is “underestimating changing imperatives in privacy, security, and trust.” Cybersecurity functions struggle to articulate their value beyond simple risk protection. Yet, we all know that they are not just a defense mechanism, but a strategic enabler, so why is the value overlooked ?
An expanding cyber-attack surface
Telecommunications operators sit at the heart of digital ecosystems, managing critical infrastructure and massive flows of sensitive data. The convergence of networks together with the rise of artificial intelligence (AI) threats have created a vastly expanded attack surface. Yet, only around 6 in 10 telcos have a mature framework for identifying and mitigating AI-related risks, trailing other sectors.
AI itself introduces new vulnerabilities: models can be manipulated, data can be “poisoned” and the fact that algorithmic decision-making is unseen to the end user means that malicious activity can be concealed. Generative AI tools have also empowered cybercriminals, making cyber-attacks of any kind easier and lowering the barrier for creating sophisticated phishing campaigns and deepfakes. This might sound a bit dramatic, but it is the reality of the modern world. And for telcos, the challenge is twofold: protecting their systems from AI-driven threats while ensuring the responsible, but secure deployment of AI in their own operations.
Old systems meet modern threats
Transformation and cyber resilience are not automatically aligned. As operators phase out legacy systems and transition to software-defined, cloud-native architectures, new weaknesses can be exposed. Meanwhile, the coexistence of old and new systems introduces interdependencies that threat actors can exploit. Modernization must therefore be accompanied by disciplined cyber governance. Decommissioning infrastructure without addressing lingering risks can leave inactive backdoors.
Even the most sophisticated technology cannot replace informed, engaged and well supported team.
Anthony Cannella
EY Luxembourg Partner, Telecommunications, Media & Technology Leader
Human factors remain central and empowering people is essential
Talent shortages and cultural gaps can still expose organizations to cyber risks and two-thirds of telcos report high demand for cybersecurity specialists. Yet many struggles to recruit and retain them. Building a cyber-aware culture is just as critical as investing in infrastructure.
The mesh of players in service delivery
Supply chains, too, pose hidden vulnerabilities. Third-party vendors can introduce security flaws or serve as entry points for attackers. Public announcements regularly evidence the consequences of cyber-attacks and incidents at services providers, cloud solutions, and any form of intermediaries and players in the operational chain of service delivery.
Cybersecurity is not a cost of doing business anymore, it is THE business
Alexandre Minarelli
EY Luxembourg Partner, Technology Risk Leader
The broader environment
Regulatory shifts, geopolitical tensions, and supply-chain dependencies all shape the cyber landscape for telcos. Governments are increasingly imposing “sovereign cloud” mandates and vendor restrictions in the name of national security – earlier this year Luxembourg became the first European country to offer the first sovereign cloud solution fully disconnected from the internet .
At the same time, the global proliferation of data-protection, AI, and cybersecurity regulations in the EU is creating a complex web of compliance requirements.
Today, trust has become the ultimate currency. It is what earned Luxembourg one of the world’s few AAA credit ratings, and what makes it one of the most reliable, well-governed nations on earth, and it is why more and more companies are setting up or expanding here. For telecommunications providers, that trust hinges on the ability to secure networks, protect data, and respond swiftly to new forms of cyber threat.
Summary
Without unnecessary suspense, the single biggest challenge facing telcos through 2026 is “underestimating changing imperatives in privacy, security, and trust.”
Related articles
How can telcos navigate a world of evolving risks?
As the risks facing communications operators continue to evolve and expand, here’s our ranking of the 10 top telecommunications risks for 2026. Learn more.
How telcos can help enterprises scale emerging technologies
Enterprises are pursuing digital transformation by investing more in emerging technologies – and vendors must adopt new strategies to help them succeed. Read more.
Are leaders ready for the telco of tomorrow?
To thrive in the future, telcos must seek differentiators beyond network quality, and adapt to changing ecosystems and market structures.