Our 6th Telco Cybersecurity Conference brought representatives from 19 telcos from product, marketing, sales, and customer experience into Future Health Lab in Vienna, and the agenda was built around a single question: what does the perfect cybersecurity portfolio actually look like?
Photo credit: Spotlight Film Production
Telcos hold the unfair advantage over the market
Richard Malovič, Whalebone CEO and Founder, set the tone by walking the room through what is already happening inside telco networks. Attackers no longer need weeks to build a convincing scam. With AI, the timeline from identifying a target brand to launching a mass phishing campaign has collapsed to roughly three hours, faster than most generic threat feeds can react. The point landed clearly: global feeds on a 24 to 48 hour update cycle simply cannot cover regional, localized attacks that appear and disappear within hours.
That framing carried into the central argument of the morning. Telcos hold an advantage that no tech giant can replicate, because they sit closest to both the customer and the threat. The opportunity is not theoretical either. Across Europe, mass-market cybersecurity represents a multibillion-euro revenue stream that operators are uniquely positioned to capture.
A1 Austria showed what trust looks like in practice
Stefan Holzer, Product Manager for Residential Cyber Security at A1 Austria, made the case that trust is not built on a product page. It is built in the moment a customer is scared, confused, and does not know who to call.
A1's answer was a free security hotline for all A1 customers. The results spoke for themselves: customers leave the call feeling heard and safer, live call data reveals exactly what people need protection from, and one in five calls led to activating a new security product. The hotline did more than help individuals, it made A1 a smarter, more security-aware organization.
GO plc made the case for embedding security directly into children’s plans
One of the most resonant sessions came from Matthew Vercellono, Senior Marketing Product Owner at GO plc in Malta, who walked through GO Play Junior, the country's first mobile plan designed specifically for children.
The principle behind it was clear: if you have to sell a parent on protecting their child, the product design has already failed. So GO embedded DNS-level security with parental controls by default, with no option to switch it off. Vercellono's takeaways applied well beyond children's plans. Design for both the user and the buyer. Embed protection for vulnerable users rather than making it optional. Lead with empowerment, not fear. The future of telco security, he argued, is not only about protecting networks, it is about protecting people, families, and the next generation of digital users.
Telcos are becoming the real cybersecurity leaders
Miroslav Lukeš, Whalebone CCO, closed the morning with a clear thesis. Consumers already expect secure connectivity from their telecom provider and trust their operator to deliver it. That trust is the golden opportunity, the foundation for differentiation and a genuine competitive advantage.
A panel on building portfolios around customer needs
A cross-market panel, moderated by Whalebone, brought together operators from LMT, A1 Slovenia, and Swan to compare notes on how they shape their security portfolios. The throughline was practical: the strongest portfolios start from what customers actually need and how they behave, not from the products a telco happens to have on the shelf. The operators traded honest perspectives on segmenting audiences, deciding what to bundle versus sell standalone, and keeping the experience simple as the portfolio grows.
Working groups put theory to work
The afternoon turned the room loose. In hands-on working groups, teams designed their own "safe tariff" for a chosen audience, from gamers to investors to content creators, free of any existing brand or technical constraints. They built personas, mapped risks, named the tariff, and pitched campaign ideas to the room.
Then came the moment many had been waiting for.
Celebrating the 2026 Annual Telco Awards
The highlight of the day was the Whalebone 2026 Annual Telco Awards. Telcos were recognized for their success in mass-market cybersecurity, and three operators took home the Main Awards: O₂ Telefónica Germany, A1 Telekom Austria, and m:Tel Montenegro.
These are the operators leading the way in telco consumer cybersecurity, turning network-level protection into real customer value, real adoption, and real revenue. Congratulations to all of the winners!
Day two went deep on threat intelligence
Robert Šefr, Whalebone CTO and Founder, opened the second day with the product vision: telcos are becoming the natural global enabler for consumer and SMB cybersecurity, but the old model of selling isolated products does not scale and cannot deliver enough margin. The shift is toward productized, packaged cybersecurity.
Martin Kuruc, Threat Intelligence Lead at Whalebone, then gave one of the most quietly powerful talks of the conference. His message: we protect more users by finding the threats they never see. Most threats are invisible to the end user, and a scam call, a phishing site, and a credential leak on the dark web are often three acts of the same story. Knowing only the beginning, middle, or end is not enough. Knowing the full story is what makes the protection more powerful, which is why Whalebone tracks threat intelligence across DNS Security, Identity Protection, and Fraud Call Protection together, with a dedicated focus on country-specific threats that global engines miss.
A1 Bulgaria on building revenue through new security layers
Aleksandar Petrov, Team Leader for New Business Development and Innovation at A1 Bulgaria, presented A1 Net Protect, the operator's network-level security service, now serving more than one million subscribers. His argument centered on friction: by running at the DNS level with zero installation and instant opt-out activation, A1 sidesteps the app-store-and-download path that drives churn, and turns a single core layer into a tiered portfolio that grows ARPU through additions like Content Ban, App Control, Identity Protection, and SMS Protection.
Just as deliberate was the go-to-market engine, spanning retail point-of-sale, in-app push, and educational email, all shifting the focus from abstract malware to the personal reality of identity theft. The roadmap runs from on-net DNS protection today toward Offnet Protection that follows the user onto any network. Petrov's closing lines captured the conference's larger theme: security is no longer an optional add-on, and A1 has moved from connectivity provider to digital guardian for the modern consumer.
m:Tel Montenegro and the Siguran Net Month case study
The final session came from Luka Radunović, Head of Project Management and Risk Oversight at m:Tel Montenegro, and Ondřej Hrabal, Service GTM and Growth Lead at Whalebone, who walked through the Siguran Net Month campaign.
It started with a single all-day workshop in November 2025 and grew into a fully integrated campaign across three pillars: a top-to-bottom marketing push, an internal communications effort, and a B2C and B2B sales competition.
The results were extraordinary, and the momentum held, with May still running way above the prior quarterly average. The campaign is now being prepared for replication across other operators in the Telekom Srbija group, and as an annual playbook.
What we took away from Vienna
Across two days, the same pattern kept surfacing. Security alone does not automatically create trust. It needs context, timing, and value. Protection becomes powerful when it feels personal, and better security starts with better understanding. That is how protection becomes relevant, and that is how relevance becomes trust.
The Telco Cybersecurity Conference is a VIP, invite-only gathering for Whalebone customers, the operators already building mass-market security with us. If your telco wants to be in the room next year, reach out. We will help accelerate your path to success with mass-market cybersecurity. Be there for the next one!