As regulations shift and providers enter new markets, the telecom industry is changing rapidly. In preparation for these changes, telecom risk management professionals must become aware of new risks on the horizon. Privacy and net neutrality laws, new kinds of cyber threats, reputational dangers, and other factors are all poised to affect telecom companies deeply in 2019. Jake Olcott, VP Government Affairs, BitSight explains.
Which trends are telecom risk professionals going to be focusing on this year?
GDPR and similar privacy laws are creating regulatory risk
GDPR, the European Union’s unprecedented privacy legislation, is impacting the way companies in Europe and the rest of the world do business. With strict rules about data protection and consumer access to their own data, GDPR has caused operational upheaval for many enterprise organisations.
As handlers of massive amounts of consumer data, telecom companies have had to take special precautions to become GDPR compliant.
Now, GDPR-like regulations seem to be appearing in other parts of the world. California signed their own privacy legislation, the California Consumer Privacy Act, into law in July 2018 and a number of other U.S. states, including Alabama and Colorado, also passed new data protection laws in 2018.
Even telecom providers that don’t operate within the EU will likely have to update their operations to become compliant with a variety of new privacy laws. In addition, the intense variation of both the requirements and consequences of these many different laws will create new regulatory risks for the industry.
Data breaches are coming from the digital supply chain
As the controllers of data networks, telecom companies have always been at the forefront of cybersecurity and data breach prevention.
However, while efforts have historically been focused on securing owned networks and infrastructure, new cyber risks have cropped up farther outside the telecom providers’ sphere of control.
As the interface between telecom companies and third-party technology providers increases, so does the risk of data breach from attacks or mistakes along the digital supply chain. Web support companies, cloud services providers, hardware partners, and others can expose telecom companies to threats that have the potential to affect sensitive systems and data.
For example, Comcast recently discovered two vulnerabilities related to their website that were disclosing sensitive customer information. The most recent of the two was an error in an API that was supposed to let customers search for their account information online, but instead released that information to any device or app connected to a customer’s network.
Autonomous vehicles introduce a whole new set of risks
Telecom companies, especially mobile network providers, are eyeing the autonomous vehicle industry as a potential avenue for growth. According to Deloitte, the number of consumers interested in renting or hiring an autonomous vehicle increased by nearly 15% between 2017 and 2018. Telecom companies and their new 5G networks are going to be integral to the emergence of autonomous vehicles, and many providers are looking at partnerships that extend beyond simple contractor relationships.
However, entering the autonomous car industry will open up a new set of regulatory risks for telecom companies. Existing automotive regulations are already complicated, and to make matters worse, autonomous vehicle regulations are in flux around the world. Until the technology improves and laws become more settled, operating in this industry will be particularly risky.
Telecom companies will have to decide if having an iron in the self-driving fire will require taking on too much regulatory risk.
End-user education will help prevent reputational risk
According to Deloitte’s Global Mobile Consumer Survey, fewer than one in five consumers believe they are “very well informed” about security risks in their connected home devices. Because telecom companies either control or provide many of the internet-enabled devices consumers use on a daily basis, there is the potential for reputational consequences due to a lack of end-user education.
When customers’ sensitive data is breached via in-home devices like smart TVs, cable boxes, or wireless routers, it creates a sense of vulnerability and violation. Breaches might be caused by malware that got in through a phishing email, failure to update firmware, or other user-related behaviours However, without good cyber risk awareness, users will likely still blame their telecom providers for a lack of security.
To manage reputational risk created by this trend, telecom providers should dedicate resources to educating end users about safely operating their connected devices and rolling out updates in a timely manner. Making cybersecurity awareness and education a part of marketing efforts can increase trust and decrease risk.
The net neutrality “patchwork” might be on its way
For U.S.-based telecom providers, no risk trend is bigger than net neutrality.
The FCC repealed Obama-era net neutrality rules in the summer of 2018, opening up new opportunities for the telecom industry. Since then, however, many individual states have taken up lawsuits against the agency or decided to enact their own net neutrality legislation.
For telecom providers, this has created a lot of uncertainty, and, as a result, a lot of risk. The biggest threat is that the U.S. will end up with a “patchwork” of net neutrality laws, creating a headache for product teams and risk professionals as they analyse the costs and benefits of providing different pricing structures or service offerings from state to state. One trade group spokesperson puts it this way: “The internet is not configured to handle geographic boundaries within the country and a system of barriers and levies across the internet will have a crippling effect on commerce and innovation.”
To contend with this outcome, telecom companies will need to ensure their risk management programs are mature and well-funded, with regulatory risk management software in place to keep track of shifting regulations.
It’s an exciting time for the telecom industry, with new technologies like 5G connectivity, autonomous vehicles, and IoT set to change the way customers live and work. However, with these changes come new sources of risk. Telecom risk management professionals will need to be on their toes through 2019 and beyond to ensure their organisations survive the threats posed by these new risk vectors.