IoT security: The foundation for growth beyond connectivity

Introduction

The European Union Agency for Cybersecurity (ENISA) defines the IoT as “a cyber-physical ecosystem of interconnected sensors and actuators, which enable intelligent decision making.” In this ecosystem, the information or data flows among the various components of the IoT enable informed decision making for machines, objects, and the spaces in which they operate. Through this web of tightly interconnected cyber-physical systems, the IoT underpins a variety of applications such as smart cities, smart factories, smart agriculture and so forth.

While these applications touch all the areas of our living and working activities, bringing enormous benefits and possibilities, they also exacerbate system complexities and, in turn, significantly enlarge the domain of threats and risks. As a result, securing the IoT is a very complex task, involving the implementation of highly specialised security measures. In market terms, this complexity translates into rich ecosystems of skills and expertise, where there is not one player in charge of securing the IoT, but it is both a responsibility and an opportunity for all players in the value chain.

Thinking about IoT security, the fundamental objective is ensuring the trust between the provider of an IoT solution and the IoT solution adopter. Microsoft IoT Signals, a well-known survey of 3,000 organisations adopting the IoT, emphasizes this in its 2021 edition, where 91% of the organisations surveyed have security concerns about adopting the IoT. 29% of those organisations do not scale their IoT solution due to security concerns. These concerns hamper the benefits enterprises can gain from IoT solutions. For instance, in the same survey, more than 55% of organisations said they were becoming more efficient adopting the IoT, and 23% claimed that their IoT solution has a direct impact on revenue growth. These benefits come from the variety and volume of data gathered through the IoT to drive better informed operational decisions. The result is that IoT data becomes a fundamental and necessary asset that must be protected.

While managing security risks in IoT is often perceived as a necessary burden, this report will instead highlight securing the IoT as an opportunity. For telecoms operators, this opportunity may not always be directly evident in new revenues, but it is fundamental to the creation of trust between provider and the adopter of IoT services. That trust, built through IoT security services, provides a stronger foundation from which to develop new revenue-generating services beyond connectivity.

This report also argues that by building more comprehensive data insights services into their existing IoT platforms mobile network operators are in a strong position to bring that trust to enterprises. As operators expand their security offers from well-known security functions provided at connectivity level – almost embedded in an operator – to more sophisticated security services across the IoT architecture, they can position themselves as a partner and guide to enterprises as they likewise become more sophisticated in their security needs.

The report is structured in three main parts:

  1. Discussion of the key vulnerabilities in the IoT and responses to those defined by regulators and security bodies such as ENISA, NIST, IoT Security Foundation and others.
  2. Analysis of the roles mobile network operators are playing in the IoTsecurity services market.
  3. Analysis of the opportunities for mobile network operators in security services for the IoT.

The research is based on the author’s extensive experience in IoT security, and enriched by interviews with IoT security experts close to the world of mobile network operators. Finally, an understanding of the most authoritative guidelines and analysis (ENISA, NIST, IoTSF, GSMA, OWASP) on IoT security supports the research.

Enter your details below to download an extract of the report

var MostRecentReportExtractAccess = “Most_Recent_Report_Extract_Access”;
var AllReportExtractAccess = “All_Report_Extract_Access”;
var formUrl = “https://go.stlpartners.com/l/859343/2022-02-16/dg485”;
var title = encodeURI(document.title);
var pageURL = encodeURI(document.location.href);
document.write(‘‘);

Why IoT security is rising up the agenda

In the fervent debates on the development of the IoT, the security aspect is often hidden or avoided. This stems from a common view among IoT solution companies and end-users that security is a heavy point of discussion that hampers business enthusiasm. This perspective is both unhelpful and dangerous, actively hindering greater scale and trust in the IoT. We strongly believe the argument should be flipped around. Although IoT security is a fundamental risk for the development of the IoT, it is also the means through which to develop robust, reliable, and lucrative IoT solutions. Therefore, IoT security should become a priority in IoT strategy and project development.

There are three considerations that are driving a fundamental shift in perceptions of security from a barrier to an enabler of IoT solutions, both among providers and adopters:

  1. Rising frequency and prevalence of avoidable large scale IoT security breaches.  There are plenty of examples of hacking of connected devices and large IoT systems that have dramatically compromised IoT solutions’ functioning, the business case linked to them, and relationships with customers. Recent examples include:
    • In May 2021, Colonial Pipe suffered a ransomware attack that impacted the computerised equipment monitoring the entire pipeline system from Texas to New Jersey, carrying 2.5 million barrel of oil a day. The entire system, based on a vast IoT solution of several sensors along the pipeline, was blocked. To re-boot the system, Colonial Pipeline paid 75 Bitcoin (the equivalent of $4.4 million at the time). (The solution to this type of breach is implementation of a remediation strategy.)
    • Consumer IoT devices are no less attractive than big corporations to hackers. In June 2021, the McAfee Advanced Threat Research identified a potential security vulnerability in the Peleton Bike+: “The ATR team recently disclosed a vulnerability (CVE-2021-3387) in the Peloton Bike+, which would allow a hacker with either physical access to the Bike+ or access during any point in the supply chain (from construction to delivery), to gain remote root access to the Peloton’s tablet. The hacker could install malicious software, intercept traffic and user’s personal data, and even gain control of the Bike’s camera and microphone over the internet.” The Peleton Bike+ vulnerability almost become a matter of national security in the US, considering that President Jo Biden is, apparently, a Peleton Bike+ user. (The security solution to this type of breach is software and system updates.)

2. Regulatory bodies are responding to the increasing incidence of IoT attacks with guidelines and regulations. Realising the danger of connected devices and systems developed with inappropriate security features, regulators worldwide are issuing specific procedures and policies in IoT security. In some cases these are mandatory and in other cases function as guidance and support.

    • Australia has created a voluntary code of practice, Securing the Internet of Things for Consumers, focussing on issues of authorisation, authentication, and access of IoTdata in consumer devices.
    • Singapore has issued the IoT Cyber Security Guide to support enterprises to develop secure IoT systems. Enterprises should also comply to IoT-related standards in sensors, sensor networks, and devices.
    • The United Kingdom has focussed on security around IoT devices with the first Code of Practice for Consumer IoT Security published in 2018.
    • The European Union is focussing on the development of an “IoT Trust” label for IoT consumer devices.
    • The United States launched legislation in 2020 – IoT Cybersecurity Improvements Act – which, through a combination of subsidies and project grants, incentivises companies that build and sell IoT solutions to develop them with a security-by-design

These initiatives are all specifically designed around IoT devices and systems. However, it is important to highlight that the relevant legal framework is wider. For example, in the European Union, the three key regulations applying to the sale and use of IoT devices and ecosystems are CE Marking (health and safety of products sold in the EU), GDPR, and the Network and Information Security Directive (NIS Directive). It is well known, but important to stress it, that violation of GDPR – data breaches and misuses of data – can cost up to EUR20 million. A similar legal framework exists in the United States, in which there are three Acts relevant for IoT devices: Federal Trade Commission Act (FTC Act), the Cyber Security Information Sharing Act (CISA), and the Children’s Online Privacy Protection Act (COPPA). Those who violate America’s Federal Trade Commission Act could face fines of $41,484 per violation, per day.

It is also worth noting that many of these regulations focus on the consumer IoT because it has been the weakest in terms of attention to security features, there is a direct link to data privacy (i.e. by hacking into IoT devices malicious actors can gain access to other digital profile data), and most consumers do not have the skill or resources to protect themselves.

3. The increasing business and economic impact of IoT data. Organisations of all kinds are increasingly relying on data for their strategy development, optimisation of processes, increasing engagement with customers and innovating their business models. The data needed for all these activities is increasingly machine generated by an IoT solution. To illustrate this value, there have been several studies on understanding the economic impact of IoT data. For example, in April 2019, GSMA Intelligence estimated that the economic impact of IoT on business productivity was in the order of $175bn, 0.2% of the global GDP. GSMA Intelligence also forecasted that by 2025 the economic impact would increase to $371bn, 0.34% of the global GDP, with IoT companies generating almost a trillion dollar in revenues. Ultimately, if a competitor or malicious actors gets hold of an organisation’s data, then they have accessed one of its most important assets. Therefore, as organisations become ever more data-driven in their strategic decision making, the importance of securing the systems gathering and storing that data will rise.

Defining IoT Security

The US NIST (National Institute for Standards and Technology) defines cyber-risk as “a function of the probability of a given threat source’s exercising any potential vulnerability and the resulting impact of that adverse event on the organisation.” The IoT security risk is one of many cyber-risks to any organisation and refers to the unforeseen exploitation of IoT system vulnerabilities to gain access to assets with the intent to cause harm.

A major challenge in assessing the IoT system vulnerabilities and threats comes from the technological complexity of an IoT solution and the diversity of applications and environments the IoT solution serves. Therefore, IoT security can be assessed in two levels. The first level regards the IoT architectural stack, which is common to different domains and applications. The second level is solution-specific and requires specialised services depending on the domain of applications.

The starting point of the analysis is a model of IoT architecture, illustrated in a simplified format in the diagram below.

Simplified IoT  architecture

Simplified-IoT-architecture-STL-Partners

Source: STL Partners

 

Table of contents

  • Executive Summary
    • Security can enable MNOs to build beyond connectivity in IoT
    • Next steps: Building on security in the Coordination Age
  • Introduction
    • Why IoT security is rising up the agenda
  • Defining IoT security
    • Key IoT vulnerabilities
    • Enterprises’ view on securing IoT
    • How to meet enterprise needs: Delivering security across three dimensions
  • Mobile operators’ roles in IoT security
    • Telco strategy comparison: IoT security offers vs dedicated business units
    • Assessing operators’ security services by function
    • Takeaways
  • Future growth trends for operators to capitalise on
    • eSIM and integrated eSIM (iSIM) capabilities
    • 5G private network security services
    • Managing encryption requirements
    • Blockchain in telecommunications
    • Secure communication through quantum information and communication technology

Related research

Enter your details below to download an extract of the report

var MostRecentReportExtractAccess = “Most_Recent_Report_Extract_Access”;
var AllReportExtractAccess = “All_Report_Extract_Access”;
var formUrl = “https://go.stlpartners.com/l/859343/2022-02-16/dg485”;
var title = encodeURI(document.title);
var pageURL = encodeURI(document.location.href);
document.write(‘‘);
 

Why the consumer IoT is stuck in the slow lane

A slow start for NB-IoT and LTE-M

For telcos around the world, the Internet of Things (IoT) has long represented one of the most promising growth opportunities. Yet for most telcos, the IoT still only accounts for a low single digit percentage of their overall revenue. One of the stumbling blocks has been relatively low demand for IoT solutions in the consumer market. This report considers why that is and whether low cost connectivity technologies specifically-designed for the IoT (such as NB-IoT and LTE-M) will ultimately change this dynamic.

NB-IoT and LTE-M are often referred to as Massive IoT technologies because they are designed to support large numbers of connections, which periodically transmit small amounts of data. They can be distinguished from broadband IoT connections, which carry more demanding applications, such as video content, and critical IoT connections that need to be always available and ultra-reliable.

The initial standards for both technologies were completed by 3GPP in 2016, but adoption has been relatively modest. This report considers the key B2C and B2B2C use cases for Massive IoT technologies and the prospects for widespread adoption. It also outlines how NB-IoT and LTE-M are evolving and the implications for telcos’ strategies.

This builds on previous STL Partners’ research, including LPWA: Which way to go for IoT? and Can telcos create a compelling smart home?. The LPWA report explained why IoT networks need to be considered across multiple generations, including coverage, reliability, power consumption, range and bandwidth. Cellular technologies tend to be best suited to wide area applications for which very reliable connectivity is required (see Figure below).

IoT networks should be considered across multiple dimensions

IoT-networks-disruptive-analysis-stl-2021
Source: Disruptive Analysis

 

Enter your details below to request an extract of the report

The smart home report outlined how consumers could use both cellular and short-range connectivity to bolster security, improve energy efficiency, charge electric cars and increasingly automate appliances. One of the biggest underlying drivers in the smart home sector is peace of mind – householders want to protect their properties and their assets, as rising population growth and inequality fuels fear of crime.

That report contended that householders might be prepared to pay for a simple and integrated way to monitor and remotely control all their assets, from door locks and televisions to solar panels and vehicles.  Ideally, a dashboard would show the status and location of everything an individual cares about. Such a dashboard could show the energy usage and running cost of each appliance in real-time, giving householders fingertip control over their possessions. They could use the resulting information to help them source appropriate insurance and utility supply.

Indeed, STL Partners believes telcos have a broad opportunity to help coordinate better use of the world’s resources and assets, as outlined in the report: The Coordination Age: A third age of telecoms. Reliable and ubiquitous connectivity is a key enabler of the emerging sharing economy in which people use digital technologies to easily rent the use of assets, such as properties and vehicles, to others. The data collected by connected appliances and sensors could be used to help safeguard a property against misuse and source appropriate insurance covering third party rentals.

Do consumers need Massive IoT?

Whereas some IoT applications, such as connected security cameras and drones, require high-speed and very responsive connectivity, most do not. Connected devices that are designed to collect and relay small amounts of data, such as location, temperature, power consumption or movement, don’t need a high-speed connection.

To support these devices, the cellular industry has developed two key technologies – LTE-M (LTE for Machines, sometimes referred to as Cat M) and NB-IoT (Narrowband IoT). In theory, they can be deployed through a straightforward upgrade to existing LTE base stations. Although these technologies don’t offer the capacity, throughput or responsiveness of conventional LTE, they do support the low power wide area connectivity required for what is known as Massive IoT – the deployment of large numbers of low cost sensors and actuators.

For mobile operators, the deployment of NB-IoT and LTE-M can be quite straightforward. If they have relatively modern LTE base stations, then NB-IoT can be enabled via a software upgrade. If their existing LTE network is reasonably dense, there is no need to deploy additional sites – NB-IoT, and to a lesser extent LTE-M, are designed to penetrate deep inside buildings. Still, individual base stations may need to be optimised on a site-by-site basis to ensure that they get the full benefit of NB-IoT’s low power levels, according to a report by The Mobile Network, which notes that operators also need to invest in systems that can provide third parties with visibility and control of IoT devices, usage and costs.

There are a number of potential use cases for Massive IoT in the consumer market:

  • Asset tracking: pets, bikes, scooters, vehicles, keys, wallets, passport, phones, laptops, tablets etc.
  • Vulnerable persontracking: children and the elderly
  • Health wearables: wristbands, smart watches
  • Metering and monitoring: power, water, garden,
  • Alarms and security: smoke alarms, carbon monoxide, intrusion
  • Digital homes: automation of temperature and lighting in line with occupancy

In the rest of this report we consider the key drivers and barriers to take-up of NB-IoT and LTE-M for these consumer use cases.

Table of Contents

  • Executive Summary
  • Introduction
  • Do consumers need Massive IoT?
    • The role of eSIMs
    • Takeaways
  • Market trends
    • IoT revenues: Small, but growing
  • Consumer use cases for cellular IoT
    • Amazon’s consumer IoT play
    • Asset tracking: Demand is growing
    • Connecting e-bikes and scooters
    • Slow progress in healthcare
    • Smart metering gains momentum
    • Supporting micro-generation and storage
    • Digital buildings: A regulatory play?
    • Managing household appliances
  • Technological advances
    • Network coverage
  • Conclusions: Strategic implications for telcos

 

Enter your details below to request an extract of the report

eSIM: How Much Should Operators Worry?

What is eSIM? Or RSP?

There is a lot of confusion around what eSIM actually means. While the “e” is often just assumed to stand for “embedded”, this is only half the story – and one which various people in the industry are trying to change.

In theory the term “eSIM” refers only to the functionality of “remote provisioning”; that is, the ability to download an operator profile to an in-market SIM (and also potentially switch between profiles or delete them). This contrasts with the traditional methods of pre-provisioning specific, fixed profiles into SIMs during manufacture. Most SIMs today have a particular operator’s identity and encryption credentials set at the factory. This is true of both the familiar removable SIM cards used in mobile phones, and the “soldered-in” form used in some M2M devices.

In other words, the original “e” was a poor choice – it was intended to stand for “enhanced”, “electronic” or just imply “new and online” like eCommerce or eGovernment. In fact, the first use in 2011 was for eUICC – the snappier term eSIM only emerged a couple of years later. UICCs (Universal Integrated Circuit Cards) are the smart-card chips themselves, that are used both in SIMs and other applications, for example, bank, transport and access-security cards. Embedded, solderable SIMs have existed for certain M2M uses since 2010.

In an attempt to separate out the “form factor” (removable vs. embedded) aspect from the capability (remote vs. factory provisioned), the term RSP sometimes gets used, standing for Remote SIM Provisioning. This is the title of GSMA’s current standard. But unsurprisingly, the nicer term eSIM is hard to dislodge in observers’ consciousness, so it is likely to stick around. Most now think of eSIMs as having both the remote-provisioning function and an embedded non-removable form-factor. In theory, we might even get remote-provisioning for removable SIMs (the 2014 Apple SIM was a non-standard version of this).

Figure 1: What does eSIM actually mean?

What does esim mean

Source: Disruptive Analysis

This picture is further muddied by different sets of GSMA standards for M2M and consumer use-cases at present, where the latter involves some way for the end-user to choose which profiles to download and when to activate them – for example, linking a new cellular tablet to an existing data-plan. This is different to a connected car or an industrial M2M use-case, where the manufacturer designs in the connectivity, and perhaps needs to manage whole “fleets” of eSIMs together. The GSMA M2M version of the standards were first released in 2013, and the first consumer specifications were only released in 2016. Both are being enhanced over time, and there are intentions to develop a converged M2M/consumer specification, probably in H2 2017.

eSims vs Soft-SIM / vSims

This is another area of confusion – some people confuse eSIMs with the concept of a “soft-SIM” (also called virtual SIMs/vSIMs). These have been discussed for years as a possible option for replacing physical SIM chips entirely, whether remotely provisioned, removable/soldered or not. They use purely software-based security credentials and certificates, which could be based in the “secure zone” of some mobile processors.

However, the mobile industry has strongly pushed-back on the Soft-SIM concept and standardisation, for both security reasons and also (implicit) commercial concerns. Despite this we are aware of at least two Asian handset vendors that have recently started using virtual SIMs for roaming applications.

For now, soft-SIMs appear to be far from the standards agenda, although there is definitely renewed interest. They also require a secondary market in “profiles”, which is at a very early stage and not receiving much industry attention at the moment. STL thinks that there is a possibility that we could see a future standardised version of soft-SIMs and the associated value-chain and controls, but it will take a lot of convincing for the telco industry (and especially GSMA) to push for it. It might get another nudge from Apple (which indirectly catalysed the whole eSIM movement with a 2010 patent), but as discussed later that seems improbable in the short term.

Multi-IMSI: How does multi-IMSI work?

It should also be noted that multi-IMSI (International Mobile Subscriber Identity) SIMs are yet another category here. Already used in various niches, these allow a single operator profile to be associated with multiple phone numbers – for example in different geographies. Combined with licences in different countries or multiple MVNO arrangements, this allows various clever business models, but anchored in one central operator’s system. Multi-local operators such as Truphone exploit this, as does Google in its Fi service which blends T-Mobile US and Sprint networks together. It is theoretically possible to blend multi-IMSI functionality with eSIM remote-provisioning.

eSIMs use cases and what do stakeholders hope to gain

  • There are two sets of use-cases and related stakeholder groups for eSIMs:
  • Devices that already use cellular radios & SIMs today; This group can be sub-divided into:
    • Mobile phones
    • M2M uses (e.g. connected cars and industrial modules)
    • Connected devices such as tablets, PC dongles and portable WiFi hotspots.
  • Devices that do not have cellular connectivity currently; this covers a huge potential range of IoT
    devices.
  • Broadly speaking, it is hoped that eSIM will improve the return on investment and/or efficiency of existing cellular devices and services, or help justify and enable the inclusion of cellular connections in new ones. Replacing existing SIMs is (theoretically) made easier by scrutinising existing channels and business processes and improving them – while new markets (again theoretically) offer win-win scenarios where there is no threat of disruption to existing business models.

The two different stakeholders want to receive different benefits from eSIMs. Mobile operators want:

  • Lower costs for procuring and distributing SIMs.
  • Increased revenue from adding more cellular devices and related services, which can be done incrementally with an eSIM, e.g. IoT connectivity and management.
  • Better functionality and security compared to competing non-cellular technologies.
  • Limited risk of disintermediation, increased churn or OEMs acting as gatekeepers.

And device manufacturers want:

  • To reduce their “bill of material” (BoM) costs and number of design compromises compared to existing removable SIMs
  • To sell more phones and other connected devices
  • To provide better user experience, especially compared to competing OEMs / ecosystems
  • To create additional revenue streams related to service connectivityTo upgrade existing embedded (but non-programmable) soldered SIMs for M2M

The truth, however, is more complex than that – there needs to be clear proof that eSIM improves existing devices’ costs or associated revenues, without introducing extra complexity or risk. And new device categories need to justify the addition of the (expensive, power-consuming) radio itself, as well as choosing SIM vs. eSIM for authentication. In both cases, the needs and benefits for cellular operators and device OEMs (plus their users and channels) must coincide.

There are also many other constituencies involved here: niche service providers of many types, network equipment and software suppliers, IoT specialists, chipset companies, enterprises and their technology suppliers, industry associations, SIM suppliers and so forth. In each case there are both incumbents, and smaller innovators/disruptors trying to find a viable commercial position.

This brings in many “ifs” and “buts” that need to be addressed.

Contents

  • Executive Summary
  • Introduction: What is eSIM? Or RSP?
  • Not a Soft-SIM, or multi-IMSI
  • What do stakeholders hope to gain?
  • A million practical problems So where does eSIM make sense?
  • Phones or just IoT?
  • Forecasts for eSIM
  • Conclusion 

 

  • Figure 1: What does eSIM actually mean?
  • Figure 2: eSIM standardisation & industry initiatives timeline
  • Figure 3: eSIM shipment forecasts, by device category, 2016-2021

The European Telecoms market in 2020, Report 1: Evaluating 10 forces of change

Introduction

Telecoms – the times they are a changin’

The global telecoms market is experiencing change at an unprecedented pace.  As recently as 2012 , few would have predicted that consumer voice and messaging would be effectively ‘given away’ with data packages in 2015.  Yet today, the shift towards data as the ‘valuable’ part of the mobile bundle has been made in many European markets and, although many operators still allocate a large proportion of revenue to voice and messaging, the value proposition is clearly now ‘data-led’.

Europe, in particular, is facing great uncertainty

While returns on investment have steadily reduced in European telecoms, the market has remained structurally fragmented with a large number of disparate players – fixed-only; mobile-only; converged; wholesalers; enterprise-only; content-oriented players (cablecos); and so forth. Operators generally have continued to make steady economic returns for investors and have been considered ‘defensive stocks’ by the capital markets owing to an ability to generate strong dividend yields and withstand economic down-turns (although Telefonica’s woes in Spain will attest to the limitations of the telco business model to recession).

But the forces of change in Europe are growing and, as a company’s ‘Safe Harbor’ statement would put it, ‘past performance does not guarantee future results’. Strategists are puzzling over what the European telecoms industry might look like in 2020 (and how might that affect their own company) given the broad range of forces being exerted on it in 2015.

STL Partners believes there are 12 questions that need to be considered when considering what the European telecoms market might look like in 2020:

  1. How will regulation of national markets and the wider European Union progress?
  2. How will government policies and the new EC Digital Directive impact telecoms?
  3. How will competition among traditional telecoms players develop?
  4. How strong will new competitors be and how will they compete with operators?
  5. What is the revenue and margin outlook for telecoms core services?
  6. Will new technologies such as NFV, SDN, and eSIM, have a positive or negative effect on operators?
  7. How will the capital markets’ attitude towards telecoms operators change and how much capital will be available for investment by operators?
  8. How will the attitudes and behaviours of customers – consumer and enterprise – evolve and what bearing might this have on operators’ business models?
  9. How will the vision and aspirations of telecoms senior managers play out – will digital services become a greater focus or will the ‘data pipe’ model prevail? How important will content be for operators? What will be the relative importance of fixed vs mobile, consumer vs enterprise?
  10. Will telcos be able to develop the skills, assets and partnerships required to pursue a services strategy successfully or will capabilities fall short of aspirations?
  11. What M&A strategy will telco management pursue to support their strategies: buying other telcos vs buying into adjacent industries? Focus on existing countries only vs moves into other countries or even a pan-European play?
  12. How effective will the industry be in reducing its cost base – capex and opex – relative to the new competitors such as the internet players in consumer services and IT players in enterprise services?

Providing clear answers to each of these 12 questions and their combined effect on the industry is extremely challenging because:

  • Some forces are, to some extent at least, controllable by operators whereas other forces are largely outside their control;
  • Although some forces are reasonably well-established, many others are new and/or changing rapidly;
  • Establishing the interplay between forces and the ‘net effect’ of them together is complicated because some tend to create a domino effect (e.g. greater competition tends to result in lower revenues and margins which, in turn, means less capital being available for investment in networks and services) whereas other forces can negate each other (e.g. the margin impact of lower core service revenues could be – at least partially – offset by a lower cost base achieved through NFV).

The role of this report

In essence, strategists (and investors) are finding it very difficult to understand the many and varied forces affecting the telecoms industry (this report) and predict the structure of and returns from the European telecoms market in 2020 (Report 2). This, in turn, makes it challenging to determine how operators should seek to compete in the future (the focus of a STL Partners report in July, Four strategic pathways to Telco 2.0).

In summary, the European Telecoms market in 2020 reports therefore seek to:

  • Identify the key forces of change in Europe and provide a useful means of classifying them within a simple and logical 2×2 framework (this report);
  • Help readers refine their thoughts on how Europe might develop by outlining four alternative ‘futures’ that are both sufficiently different from each other to be meaningful and internally consistent enough to be realistic (Report 2);
  • Provide a ‘prediction’ for the future European telecoms market based on the responses of two ‘wisdom of crowds’ votes conducted at a recent STL Partners event for senior managers from European telcos plus our STL Partners’ own viewpoint (Report 2).
  • Executive Summary
  • Introduction
  • Telecoms – the times they are a changin’
  • Europe, in particular, is facing great uncertainty
  • The role of this report
  • Understanding and classifying the forces of change
  • External (market) forces
  • Internal (telco) forces
  • Summary: The impact of internal and external forces over the next 5 years
  • STL Partners and Telco 2.0: Change the Game

 

  • Figure 1: O2’s SIM-only pay monthly tariffs – many with unlimited voice and messaging bundled in
  • Figure 2: A framework for classifying telco market forces: internal and external
  • Figure 3: Telefonica dividend yield vs Spanish 10-year bond yield
  • Figure 4: Customer attitudes to European telecoms brands – 2003 vs 2015
  • Figure 5: Summarising the key skills, partnerships, assets and culture needed to realise ambitions
  • Figure 6: SMS Price vs. penetration of Top OTT messaging apps in 2012
  • Figure 7: Summary of how internal and external forces could develop in the next 5 years