Customer caution over data misuse tops EY's telco risk rankingCustomer caution over data misuse tops EY's telco risk ranking

According to the consultancy's annual top-10 ranking of telco risks, CSPs "face substantial challenges" to their status as data custodians.

It stands to reason given the number of telcos that have suffered damaging data breaches in recent years.

AT&T springs to mind. Last July, it revealed that the call and text records of almost all of its 100 million customers – including FBI agents – had been stolen by hackers.

Rival provider T-Mobile US has fallen victim to multiple breaches in recent years.

In October it paid a $15.75 million penalty to settle a Federal Communications Commission (FCC) investigation into incidents that occurred in 2021, 2022, and 2023.

On the other side of the world, a high-profile hack of Australian operator Optus in 2022 exposed millions of customers' passport numbers.

Now, the rise of AI presents new risks.

For one thing, it is being exploited by hackers to rapidly alter attack patterns to evade cyberdefences.

Furthermore, customers are wary about how their data is being used when interacting with AI customer agents.

"As connectivity takes an increasingly central role in industrial digitalisation, telecommunications companies should take care to identify risks that are emerging outside their organisation, whether these relate to existing supply chains, changing customer needs or more complex policy and regulatory environments. This is particularly true of cybersecurity, where attack vectors and surfaces are evolving at speed," said Cédric Foray, EY global telecommunications leader. "GenAI's impact on employee and customer experiences also requires attention to mitigate downside risks, while telcos should stay alert to evolving regulatory imperatives designed to build confidence in AI."

Meanwhile, attracting and retaining the right talent, and reskilling ranks second on EY's list of telco tribulations.

85% of CSP employees surveyed by EY reckon HR departments will require major or moderate change over the next five years to meet the talent and strategic needs of the business. And while 41% of telcos allow fully remote working, a majority of telco respondents said this method of working poses challenges when it comes to collaborating with colleagues and accessing workplace technology.

A new entry at number three is ineffective transformation through new technology.

According to EY's report, it's all well and good drawing up a plan to automate processes and migrate to software-based networks, but it must be implemented carefully to maximise value. It is also important to establish KPIs that keep tabs on their performance relative to legacy processes and systems.

"Telcos should carefully consider how best to phase emerging technology deployments, especially given the complex mix of software and hardware capabilities in scope, and the need to simplify legacy IT and networks," said Adrian Baschnonga, EY's global TMT lead analyst. "And telcos also face strategic choices specifically around AI on issues ranging from use case prioritisation to the selection of open-source or proprietary large language models (LLMs) – as well as vendor and partnership decisions."

Value chain disruption is another new entry, albeit at number eight.

As comms and connectivity becomes ever more widespread, the number and variety of potential competitors is expected to increase. As it stands, MVNOs are considered the single biggest threat to traditional telcos; however 76%of telco respondents believe hyperscalers will be a source of disruption in five years' time, while 29% are worried about the potential threat from satellite operators.

"As operators consider how best to mitigate the leading risks, they should continue to scan the horizon for new threats, while taking care to evaluate the evolving impact of existing risks on their organisations," said Foray.

"Looking ahead, effective mitigation strategies will hinge on understanding the interrelationship between risks that may initially appear self-contained, and understanding how positive actions to address one challenge may help to mitigate others," he added.

The full list of things keeping telco execs awake at night is below, and EY's report on them is accessible here, although you'll need to fill out a form first.

1. Underestimating changing imperatives in privacy, security and trust
2. Inadequate talent, skills and culture management
3. Ineffective transformation through new technologies
4. Poor management of the sustainability agenda
5. Inability to take advantage of new business models
6. Inadequate network reliability and resilience
7. Ineffective engagement with external ecosystems
8. Failure to mitigate value chain disruption
9. Inability to adapt to the changing regulatory and policy landscape
10. Inadequate operating models to maximise value creation