SUBSCRIBE NOW
IN THIS ISSUE
PIPELINE RESOURCES

Crawling, Walking, Running: How Telcos Can
Safely Expand into Cybersecurity Services

ORDER REPRINTS DOWNLOAD COMMENT DISCUSS SHARE

By: Jeff Hill

Telecommunications companies stand at an important crossroads. For more than a century, their role was clear: deliver reliable, secure connectivity to customers who trusted them implicitly. In the last two decades, telcos have extended their reach into cloud, hosting, and managed IT services. Now, with cyberattacks dominating the headlines, enterprise and mid-market customers are increasingly looking to these same providers for help protecting their data and operations.

The opportunity is enormous. The global market for managed security services is expected to grow at double-digit rates for the rest of the decade. Customers need trusted partners who can defend them against ransomware, insider threats, and sophisticated phishing campaigns. Telcos, with their brand recognition, scale, and existing billing and support infrastructure, are ideally positioned to fill that role. And yet, many hesitate. The cost of purchasing and operating a fully featured security platform runs into the tens of millions of dollars. Hiring the staff to run such a platform is even more daunting, especially in a global market where the talent shortage in cybersecurity is measured in the millions.

The risk of failure is real: if a telco misjudges the market, overinvests in the wrong technology, or fails to deliver credible service, it risks not just financial loss but also damage to its most important asset—customer trust. For these reasons, a measured approach is essential. One that starts with limited exposure and gradually builds capability and confidence. This is the essence of the crawl-walk-run model.

Crawling: A Low-Risk Entry Point

At the beginning of the journey, the most prudent move is to start small by partnering with a managed security service provider that already operates a multi-tenant platform. Instead of taking on the burden of building and staffing a security operations center, the telco leases tenants that can be branded under its own name. To the end customer, the service appears to come directly from the telco, but in reality, much of the operational heavy lifting is performed by the MSSP.

This “crawl” phase is less about building an empire and more about learning. A regional telco might begin by offering cybersecurity tenants to just a handful of its most demanding enterprise customers—a hospital, a financial firm, or a utility company. Each of these tenants would come with basic threat detection, alerting, and monitoring. While the MSSP manages day-to-day operations, the telco interacts with its customers, begins to understand their needs, and learns which services resonate most strongly.

What emerges in this stage is real data. The telco can measure how many alerts customers receive, how quickly they expect responses, and how satisfied they are with remediation efforts. The organization can experiment with different pricing models, compare the appeal of network monitoring against endpoint protection, and evaluate which verticals are most willing to pay for premium support. Importantly, the financial commitment remains modest, so any missteps carry little consequence. The crawl phase is, in effect, a “try before you buy” opportunity, enabling the telco to build credibility in cybersecurity without risking a costly failure.

Walking: Expanding and Deepening Services

Once a telco has several tenants under management and a clearer picture of customer expectations, it can begin to walk. This phase is marked by expansion in both breadth and depth. Services evolve beyond basic monitoring into more advanced capabilities such as managed detection and response, automated triage, or AI-guided incident analysis. Some providers begin to serve operational technology environments in addition to traditional IT networks, extending protection to factories, utilities, or transportation systems.

At this point, the telco typically begins investing in both people and processes. A handful of security analysts may be hired to handle escalations directly, reducing reliance on the MSSP for every incident. Internal teams become more involved in defining service levels, while branding and customer engagement shift more fully to the telco’s control. The result is not just stronger customer relationships but also higher margins.

Consider the example of a telco that began its journey by white-labeling services for three regional hospitals. In the crawl phase, most alerting and triage were handled by the MSSP. By year two, after recognizing that compliance requirements under HIPAA demanded more specialized handling, the telco hired its own analysts to intervene in high-severity cases. It added new capabilities such as automated phishing detection and incident response guidance, which not only improved outcomes but also allowed it to raise prices. Margins climbed from the low twenties into the high thirties, and customer loyalty deepened as hospitals came to view the telco as a true partner in protecting patient data.

The walking phase is transformative because it turns cybersecurity from a speculative add-on into a core line of business. Revenue scales, operational maturity grows, and the organization begins to see security as a central pillar of its service portfolio rather than an experiment.

Running: Owning the Platform

Eventually, the time comes when leasing and partial ownership are no longer enough. For many telcos, this occurs three to five years into the journey, once demand has proven consistent, revenues are predictable, and customers are seeking guarantees


FEATURED SPONSOR:

Latest Updates





Subscribe to our YouTube Channel