Europe’s telecom sector has quietly achieved something remarkable: despite record-breaking numbers of network incidents, downtime for users has plummeted.

According to ENISA data featured in a new Connect Europe study by Copenhagen Economics, European telecoms reported 188 significant network incidents in 2024 — yet lost connectivity hours dropped 85% compared to 2022.

That’s no small feat in a world where everything — from hospitals to digital payments — depends on connectivity.

“Security is in our DNA,” one operator told researchers. The study, based on interviews with experts from Deutsche Telekom, KPN, Orange, Telefónica, Telecom Italia, Telenor, and United Group, confirms that telecom security has become a full-scale operational philosophy rather than a compliance exercise.

The price of digital safety keeps climbing

Still, the costs are immense — and growing. Telecom operators now embed security into nearly every layer of their operations, from fibre rollout to AI-driven threat monitoring.
Gartner estimates that IT security now accounts for 7.3% of all telecom IT spending worldwide, and European operators face even higher costs because of fragmented rules and overlapping national regulations.

A 2025 Ofcom study found that providing four-hour battery backup for mobile networks in the UK alone would cost up to €5.2 billion. Scaled to EU population size, that’s roughly €17–34 billion in resilience investments — just to keep the lights (and networks) on during blackouts.

As Connect Europe’s Managing Director Alessandro Gropelli put it:

“Improving the investment environment for connectivity is crucial if telecom operators are to further enhance security and resilience. An ambitious Digital Networks Act could make Europe not only more competitive, but also more secure.”

A complex risk landscape—and new frontlines

The report outlines five major risk sources for European operators:

• System failures (38% of incidents in 2024)
• Third-party failures (35%)
• Natural events (12%)
• Human error (9%)
• Malicious actions (7%)

System failures remain the biggest culprit — but the real growth has come from external dependencies like power outages and climate-related disruptions. Storm Éowyn, which hit Ireland in January 2025, wiped out mobile service for more than a third of users — showing that resilience depends as much on energy grids as on telecoms themselves.

Meanwhile, malicious attacks are becoming more hybrid and geopolitical. ENISA warns that cyberattacks and sabotage are increasingly tied to state or activist motives, from cable cuts to DDoS waves.

And it’s not just hackers: recent sabotage of Swedish cell towers and Baltic subsea cables has led NATO to launch “Baltic Sentry,” a mission to protect Europe’s underwater internet arteries.

How operators are fighting back

European telecoms are throwing everything at the problem — and innovating in the process.

Their daily routines now include automated vulnerability scanning, AI threat detection, and 24/7 incident response teams. Deutsche Telekom, for instance, processes up to 40,000 attempted cyberattacks per minute through its automated defence systems.

They’re also testing quantum-secure communication — preparing for a future when quantum computers could break today’s encryption. Projects like Telefónica’s MadQCI and Deutsche Telekom’s Nostradamus are laying the foundation for Europe’s quantum-safe networks of tomorrow.

Some operators are turning defence into a business opportunity.
Telefónica Tech, Deutsche Telekom Security, and Telia Company all sell “security-as-a-service” to companies and governments, protecting clients from DDoS attacks, data theft, and fraud — leveraging the same tools that protect their own infrastructure.

Europe’s policy challenge: cut red tape, grow talent

The report identifies three key areas where European policymakers must act:

1. Invest smarter: Support security and resilience through clear frameworks, merger reviews, and public funding where societal interests outweigh commercial logic.
2. Simplify rules: Remove overlapping regulations and duplicated reporting that drain resources and slow innovation.
3. Train talent: Develop an EU-wide cybersecurity skills strategy to close the growing workforce gap.

Without these steps, telecoms risk being bogged down in compliance rather than capacity-building—and Europe risks falling behind regions like the U.S. and Asia, where streamlined regulation and AI-driven security give operators more flexibility.

Conclusion: Resilience is Europe’s next telecom battleground

Europe’s telecom operators have proven they can harden networks and cut downtime despite mounting threats—but the next challenge isn’t survival; it’s sustainability.

Security can’t remain a sunk cost; it must become a competitive differentiator, just as AI and cloud-native networks are redefining leadership in North America and Asia.

For Europe to stay ahead, it needs coordinated action—not more regulation. Otherwise, as the report subtly warns, the continent could end up protecting yesterday’s networks instead of preparing for tomorrow’s.