Cybersecurity in the AI Era: Key Takeaways from MWC 2025

Cybersecurity was a major focus at MWC 2025, with industry leaders discussing AI, security by design, evolving threats, and the role of CISOs in enabling business innovation. Experts from Lenovo, BT, Vodafone, and Palo Alto Networks explored how organisations can stay ahead in an increasingly complex security landscape. At Deloitte we were also displaying our Cyber Shield (Satellite Security) and Cyber Sphere (AI driven - SIEM/Threat detection) capability.

Here are some of the key themes that have emerged from talks, and walking the floors at MWC.

1. AI in Cybersecurity: A Double-Edged Sword

Artificial Intelligence (AI) is reshaping cybersecurity, both as a tool for defenders and a weapon for attackers. While AI enhances detection and response times, threat actors are also leveraging it to scale their attacks.

"We see AI as potentially one way to actually reverse the defender's dilemma," noted one panelist, highlighting how AI can help security teams move faster in identifying and neutralizing threats. The key advantage is speed—reducing detection time from hours or days to minutes, minimizing damage.

However, there is a significant risk if AI is not used responsibly. "Every organization needs to have a responsible AI policy… AI is going to become a source of major problems if not properly assessed," warned another speaker. This is particularly concerning as hackers are using AI-powered tools to automate phishing attacks and exfiltrate sensitive data within moments.

A strong governance framework around AI is essential, including continuous evaluation of AI models, standardization efforts, and industry-wide certifications to ensure security remains a priority.

2. Security by Design & Zero Trust: More Than Buzzwords

The Zero Trust model and Security by Design are becoming the foundation of modern cybersecurity strategies. These approaches emphasize constant verification, limiting access, and embedding security into digital transformation from the outset.

As one panelist pointed out, the increasing connectivity of critical infrastructure makes telecom networks prime targets: "If you look at the Ukrainian situation, the first attack that was done before the invasion happened was actually on the communication infrastructure. That’s how vital it is."

Organizations are now prioritizing security telemetry data, ensuring that network security, cloud assets, and endpoints work in unison to detect breaches in real time. One speaker emphasized, "You need to have sharp glasses… and sharp glasses come from having enough telemetry data across the security stack."

This is particularly important as regulations tighten around cybersecurity incident reporting. In Europe, companies must report major breaches within 24 hours, while in the U.S., the SEC requires disclosure within four days. These regulations are driving investments in automated detection and AI-driven threat intelligence.

3. The Evolving Role of the CISO: From Gatekeeper to Business Enabler

The traditional role of the Chief Information Security Officer (CISO) is evolving. No longer just the "department of no," CISOs must now enable business innovation while managing risk.

"The age of ‘security won’t let us do this’ is over," stated one panelist. The challenge now is balancing security with agility, ensuring that digital transformation does not compromise trust.

The importance of cybersecurity culture within an organization was another key theme. One speaker from Vodafone highlighted how their approach has shifted from "punishing employees for clicking on phishing emails" to empowering them with security awareness. "If you remember Spider-Man—‘with great power comes great responsibility’—that’s how we approach security awareness now."

Another speaker from Lenovo echoed this, stressing that employees must trust security teams and feel safe reporting issues: "We had a stat a while ago where 80% of our mobile devices were lost on Friday afternoons. That obviously wasn’t true. Employees were afraid to report losses. When we changed our approach, normalizing it, the problem disappeared."

Building a culture of cybersecurity is just as critical as having the right technology in place.

4. Risk Quantification: Speaking the Language of the Boardroom

Cybersecurity budgets are often hard to justify because success is invisible—the absence of breaches does not always mean strong security. How do security leaders prove ROI and justify investment in cyber defenses?

One effective approach is risk quantification, translating threats into financial impact: "We’ve moved from qualitative risk measurement—high, medium, low—to quantifying risk in monetary terms. We work with ranges, because exact figures are difficult, but the idea is to communicate the potential business impact of a cyber event."

IBM's 2024 Cost of a Data Breach Report was referenced multiple times, which found the average cost of a breach to be $4.9 million. However, as one panelist from Lenovo pointed out, scale matters: "That number might be fine for a mid-sized company, but for a company like Lenovo, BT, or Vodafone, the real number is in the hundreds of millions."

Another effective strategy is pointing to real-world breaches in similar organizations to highlight potential risks. The C-suite and boards are increasingly concerned about cybersecurity, but security teams need to present the case in business terms rather than technical jargon.

5. The Future of Cybersecurity: Adapting to a Constantly Changing Threat Landscape

A clear message is that cybersecurity landscape never stands still. Threats evolve daily, and security strategies must be adaptive and dynamic.

One panelist explained how business transformations directly impact cybersecurity strategy: "Companies are alive, they’re constantly changing—acquiring new businesses, launching new products, or divesting assets. That means the cybersecurity strategy must change too."

A five-year cybersecurity strategy is no longer viable without regular updates. Companies like Vodafone now refresh their strategy annually to account for new threats, regulations, and business shifts.

Security must also be proactive rather than reactive. AI-powered threat intelligence is helping organizations detect and mitigate risks before they escalate. One expert from Google detailed how AI is now used for scam detection at massive scale: "We analyze billions of pieces of content daily across Google products, and in some areas, we’ve doubled our detection and enforcement speed within a year."

These proactive AI-driven defenses are becoming essential as cybercriminals weaponise automation and machine learning.

Conclusion: Trust is the Foundation of Cybersecurity

Ultimately, trust is the foundation of cybersecurity—trust in systems, processes, employees, and leadership. As one panelist summarized: "Trust is everything. Whether it's customer trust, board trust, or employee trust, if cybersecurity fails, that trust disappears—and it’s incredibly hard to rebuild."

The cybersecurity discussions at MWC 2025 reinforced the critical importance of AI, security by design, a proactive security culture, and business-aligned cyber strategies. The challenge now is ensuring that cybersecurity keeps pace with the rapid advancements in AI, digital transformation, and regulatory requirements.

As threats grow more sophisticated, automated, and scalable, security leaders must focus on agility, collaboration, and continuous improvement to stay ahead.