Cybersecurity is accelerating. Even if we don't know this, we feel it. CVEs keep growing year by year. So does Time to Exploit. And AI is giving everyone, no matter which side of the law, the room to move faster and more destructively. That's the context in which we wrote this report. Telecom is arguably the most important industry in our society. There's nothing it doesn't touch. And not only are we dependent on it, telecoms contains troves of priceless data. You can only defend if you know the map. And that's why we've analyzed 591 domains belonging to European Telecoms, totaling over 50,000 exposed, public assets. Our goal is to give CISOs and CTOs a data-driven perspective on the attack surface exposed to cybercrime and how their organizations compare to industry peers. Want a PDF version and the full anonymized data set? Submit your email . Executive Summary Our analysis revealed three major security gaps in the European Telecom sector: 37% of HTTPS connections use invalid or outdated SSL certificates, creating opportunities for man-in-the-middle attacks and data interception. These are fundamental security hygiene failures that persist due to incomplete attack surface visibility. This figure is significantly inflated by a small number of large operators with extensive invalid certificate counts; excluding the top outliers, the figure is closer to 17%. 47% of web servers expose sensitive version and software information, providing cybercriminals with reconnaissance data to quickly identify and exploit known CVEs without additional effort. As with SSL, a handful of large operators with high exposure rates skew this figure upward. 1,452 critical assets, including API endpoints, email servers, admin dashboards, VPNs, and portals, show concerning weaknesses, with webmail systems exhibiting the worst posture: 12% exposed configurations and 4% with SSL bad practices. These findings carry three significant implications for European Telecom leadership: Visibility gaps create undefendable attack surfaces. If security teams don't know what assets exist, they cannot protect them. This mirrors industry research showing 37% of enterprise attack surfaces are unknown—a foundational weakness that makes all other security investments less effective. Traditional security approaches cannot match threat velocity. With Time-to-Exploit now approaching -1 days (meaning zero-days are exploited before patches exist) and CVE disclosures up 16% in 2025 , annual or quarterly penetration tests are fundamentally inadequate. The attack surface changes faster than periodic assessments can capture. Critical business assets face disproportionate risk. The assets most vital to operations, such as customer portals, network management systems, and administrative access, show security weaknesses that could result in business disruption, regulatory penalties, and reputational damage. Luckily, the solutions to these problems are already available out there and ready to be implemented: First, organizations need extensive Attack Surface Management (ASM) to maintain real-time visibility of all exposed digital assets, including third-party and supply chain connections, eliminating blind spots that attackers exploit. Second, by using autonomous, AI-powered penetration testing with event-driven triggers for code changes, infrastructure updates, and new threat intelligence, vulnerabilities are discovered and validated at the speed of modern development cycles. Third, with automated detection and correction of basic security hygiene issues, organizations can resolve low-hanging fruit that significantly reduces attack surface risk with minimal investment. The results of this study suggest that there is an increased risk of exposure to cyberattacks across European Telecom, and it is prudent to consider implementing preventive measures and incentivising collaboration with security researchers. Organizations that embrace continuous, autonomous security testing will discover, prioritize and remediate vulnerabilities before they become breaches. Those who rely on periodic assessments will continue to appear in breach headlines. Methodology To conduct this analysis, we’ve used our proprietary recon tool. This tool allows for a passive, non-intrusive reconnaissance of an organization's exposed digital infrastructure, using only its main web domain. The tool can identify: The total number of exposed digital assets (subdomains, applications, IPs, and others); Types of web servers, services, technologies, and integrations; Server information exposure and configuration of secure digital certificates. Additionally, we’ve also analyzed active recon and testing data from our hacking agent, Hackian, to give you more context on vulnerability trends regarding Telecom companies. In addition to quantitative attack surface analysis, this report incorporates insights from in-depth interviews with cybersecurity leaders at European Telecom organizations. These conversation...