Security governance in UK telecoms: reverse salience, path dependency and the paradox of stability vs innovation

Legacy governance structures in telecommunications created a paradox whereby systems designed for resilience and universal service entrenched inertia and lacked innovation. This article argues that continued use of these structures continues to shape transition from legacy to cloud-native networks. Analysing this dynamic through the lens of reverse salience and path dependency helps to expose legacy governance challenges and the impact it has on newer technology. Doing so provides guidance for telco providers as they migrate from legacy to cloud-native infrastructure. It begins with a historical analysis of these monopolies, showing how vertically integrated providers engineered durable infrastructure such as copper cabling, PSTN and frame relay. The discussion examines how compliance-driven governance frameworks prioritised resilience over adaptability. It connects historical insights to current debates around security governance within cloud-native and software-defined networks while arguing that lessons from the past remain critical for balancing innovation with resilience. Insights from legacy governance are essential for creating security and resilience strategies within modern telco networks, helping to ensure reliability without sacrificing innovation.