Historically, telecom operators have had a spotty record of protecting consumers online. Embedding standards-based security protocols into network infrastructure has always been considered important – if not mandatory – but beyond that not a lot has been done. Reselling anti-virus software has been quite common going back many years. But traditionally that was for a very small subset of premium users who recognized the need for it (and were savvy enough to select, install and manage it themselves). Deploying DNS security to protect users of mobile and fixed services against malicious websites tended to be limited to a subset of the largest carriers in North America and Europe as well as one or two in Asia Pacific.
These operators increasingly see cybersecurity leadership as a critical brand differentiator and a sustainable revenue stream.
Traditionally, most CSPs weren’t all that interested in helping protect consumers against cyber threats, but that is in the process of changing. A number of incumbent telcos in developed markets like BT, Vodafone, Telefonica, AT&T, Deutsche Telekom, Verizon, and Orange are now investing in multiple additional layers of cybersecurity. In cases like these, promoting and selling consumer security is shifting from a medium term tactic to being a longer term strategy.
These operators increasingly see cybersecurity leadership as a critical brand differentiator and a sustainable revenue stream. Increasingly, security products aren’t offered as stand-alone purchases; they’re bundled in with different tiers of mobile and fixed broadband service package. As will be shown, there is also a growing appetite among telcos in developing markets for a baseline level of DNS security that can be extended to all their users – or at least large segments of them.
Before citing examples, let’s consider what’s driving this change. Consumers have become more exposed to cybersecurity risk in general, but it is exposure to online scams that has really ramped up. The Global Anti Scam Alliance (GASA) reckons that the total cost of all scams is now $1 trillion a year. In a November 2024 article in The Times, Lutz Schüler, CEO of Virgin Media O2, cited what he called “this tidal wave of criminality”, claiming fraud accounts for 40% of all UK crime and that “a quarter of people are targeted each week.” The terms ‘epidemic’ and ‘pandemic’ are routinely used to describe fraud now.
Governments are responding, along with critical stakeholders like banks, social media platforms and the telecom sector.
The problem is not concentrated on wealthy countries. According to GASA, Kenya, Vietnam, Brazil, and Thailand experience disproportionately high losses. Some scammers are also victims themselves. In countries like Cambodia, Laos, and Myanmar human trafficking gangs lure people in to modern day slavery with the promise of decent jobs. Then they detain them against their will, train them in call centres on how to defraud overseas victims, and even beat and torture them if they fail to meet their target.
Governments are responding, along with critical stakeholders like banks, social media platforms and the telecom sector. With 700 people attending in person and around the same number online, GASA’s London summit in March 2025 may have been the largest ever meeting of the global counter fraud community.
Three principles are becoming more deeply embedded in think tank and policy circles:
- Lots of consumers losing trust in online services to the point where they are deterred from using them is bad for business as well as bad for society.
- Consumers should not be blamed for being scammed by an AI-enhanced voice or image that looks or sounds a lot like their boss or their daughter – or by a call from a scammer posing as the local police department when the CLI that’s displayed is a number that is indeed associated with the local police department.
- Government has a clear obligation to intervene and demand more from industry to raise the costs of scamming operations to the criminals and to better protect consumers.
The formation of GASA in 2021, with GSMA featuring as a founding member, is one example of industry’s collective response. Another is the i3 Forum’s ‘Restore Trust in International Telecommunications’ initiative of March 2024. This has more than 34 leading telecom operator and vendor members participating, as well as GSMA. There are two parallel work streams within the ‘Restore Trust’ programme. The One Consortium has 44 leading telecom operator and vendor members. The Global Informal Regulatory Antifraud Forum (GIRAF) comprises 29 National Regulatory Authorities (NRAs).
The opportunity to grow incremental revenue is further fuelled by the goal that many telcos have of being leaders in the connected home or digital home space
Carrots and sticks
This market context has created new carrots and sticks for telecom operators to invest in consumer security. The heightened risk consumers face now has sharpened demand, making the business case more compelling. The opportunity to grow incremental revenue is further fuelled by the goal that many telcos have of being leaders in the connected home or digital home space with a variety of advanced home networking apps running on a home router. A cybersecurity software agent that secures any device connected to the home router often serves as the foundational app.
Telcos are also increasingly being subjected to the regulator’s ‘stick’’ in the form of new requirements to do more to protect consumers. New regulatory mandates to act on malicious CLI spoofing have been introduced in countries such as Australia and Finland and are now being implemented in Ireland, India, Belgium and Sweden. The Philippines is among the first countries in Asia Pacific to require telco engagement in the roll out of Protective Domain Name Services (PDNS). This began with the National Telecommunications Commission’s Memorandum Circular No. 001-01 2025 of January this year which sets new guidelines for internet traffic management and reporting in The Philippines.
The vendor community is also playing its part . On the software development side, the big driver is ease of use – for the telco’s own developers as well as for the end user. Vendors are also having to compete in terms of showing telcos how security can successfully be positioned and sold to consumers – drawing on the experience of other telco peers.
Figure 1: Telco spending on vendor security software
As shown in Figure 1 (above), HardenStance forecasts that telco spending on consumer security software will grow at a CAGR of 6.6% over the next six years – from $412 million in 2024 to $606 million in 2030. That figure spans the three categories of endpoint security, home router security agents and network based security. The latter includes DPI-based software as well as DNS based security but does not include investments to protect against telephony based fraud techniques like CLI spoofing. Vendors serving this market with a background in any one segment are investing or partnering in adjacent segments to offer telcos a comprehensive portfolio.
Leading vendors
In endpoint security, F-Secure is the incumbent market leader in terms of sales to telco partners. Once a key competitor, McAfee appears to have taken its eye off the telco channel in the last couple of years. The vendors running F-Secure closest now seem to be Gen Digital and Bitdefender. Telefonica Tech and 3 UK were among 7 new telco accounts Bitdefender won in Europe and Latin America in 2024. Among recent new account wins, Gen Digital counts T-Mobile (Czech Republic); Vox (South Africa) and A1 (Austria).
It’s a different story with network based security. Akamai has a large telco account footprint in DNS security, inherited via the 2017 acquisition of Nominum. But growing that footprint isn’t a priority for the company. The big mover in this market space is the Czech start-up, Whalebone. The company claimed a remarkable 17 new telco contracts during 2024. Half of them were outside its core European market, in regions as far afield as Asia Pacific, Latin America and Africa. PowerDNS is continuing to notch up wins in the telco market and Allot is active, with both DNS and DPI-based telco propositions. The telco channel hasn’t featured prominently in Infoblox’s corporate strategy in the last couple of years. However, some of the company’s recent communications suggest that it too may recognize the opportunity for telcos in emerging markets, including as providers of PDNS services.
It’s another different story in the home router security agent space. Having built up a large North American footprint of RDK-B deployments with cable MSOs, Cujo AI is now rolling out at scale in Europe with Deutsche Telekom’s European affiliates as well as with Sky in the UK and Italy. Virgin Media and Ziggo are selling RDK-B routers in the UK and the Netherlands respectively, with Sam Seamless Network security agents running on some of them. 2025 has been a good year for acceleration of prpl, the open source home router ecosystem backed by Orange, AT&T, Verizon and others. Orange launched commercially in Jordan and is expected to launch in Morocco imminently with Bitdefender set to see its prpl security app become the first to be commercially deployed.
At just over $400 million world-wide in 2024, it’s worth reflecting that this investment telcos are making in consumer security software is still pretty small. If it were only telcos in the EU investing this amount, it would add up to less than $1 per year for every EU citizen. The more positive take is that even if the growth trajectory isn’t as steep as many of us would like, it is at least a solid growth trajectory.
About the author and more from HardenStance:
Patrick Donegan is Founder & Principal Analyst, HardenStance. HardenStance is updating its Telco Strategies for Consumer Security 2026 with a new webinar to be held on February 10th, 2026. Attendees of the webinar will also receive the first copies of its new Report.
