Security has never been one of the most visible aspects of the mobile industry. For years, it has operated quietly in the background, embedded in networks, devices, and protocols that most users rarely think about. The moment people pick up their phones, their instinct is not to question how secure their connection is, but simply to use it. But then: messaging, banking, navigation, work, everything flows through the same device, with an assumption that the system is safe enough to trust.
That assumption is rarely questioned, even in situations where it probably should be. A message arrives that looks familiar, a call comes from a known contact, a login request appears on screen, and the response is almost automatic. There is no pause, no second thought, because the experience has been designed to feel seamless, and over time, that seamlessness becomes indistinguishable from safety.
That assumption, however, is starting to shift as connectivity becomes fully digital, and as services move away from physical components like SIM cards toward eSIMs. The threats are no longer limited to infrastructure or networks, but increasingly tied to how people interact with technology on a daily basis.
That broader perspective sits at the core of the third episode of eSIM Talks, where Rafael A. Junquera is joined by Andrew Grill, futurist and technology advisor, and Augustin De Wailly, CEO and co-founder of Accelerators, to explore a question that feels increasingly urgent: in a fully digital world, who is actually responsible for security?
But… is being connected the same as being safe?
One of the most striking shifts discussed in the episode is how the concept of vulnerability itself has changed, moving away from systems and toward people in a way that is both subtle and profound. Andrew Grill makes this point early in the conversation, explaining that while infrastructure has become significantly more secure over time, attackers have not disappeared, they have adapted their approach; instead of trying to break into networks, they now focus on manipulating human behaviour, making them the weakest point of the system.
This is particularly evident in the rise of AI-driven attacks, where voice cloning, deepfake video, and highly convincing impersonations are starting to blur the line between what is real and what is not, challenging one of the most basic assumptions of digital interaction: that we can recognise who we are dealing with.
What makes this shift especially challenging is that it does not feel like a failure of technology, but rather a consequence of its success. Systems have become so robust that the path of least resistance is no longer technical, it is psychological, and that shift changes the nature of the attack itself, which is no longer about breaking access but about influencing decisions, making it a much harder problem to solve.
A digital world that feels safer than it is
As the conversation develops, Rafael Junquera introduces a generational angle that adds another layer of tension, highlighting how the perception of risk has changed alongside the evolution of technology. In the past, people were taught to be cautious in physical environments, to question strangers, to be aware of potential danger, and to assume that not everything was safe by default.
In digital environments, however, those same instincts are not always present. Instead, there is a tendency to trust interfaces, platforms, and interactions simply because they are familiar. Augustin De Wailly points out that this is not necessarily a lack of awareness, but rather a consequence of how seamless digital experiences have become. The system is designed to reduce friction, and in doing so, it also reduces the moments where users stop to question what they are doing.
This becomes particularly visible in everyday behaviors, such as reusing passwords across multiple platforms or relying on the same credentials for both personal and professional accounts. As Rafael notes during the discussion, this is something that has become almost standard practice, even though it creates a chain of vulnerability where a single breach can quickly escalate into something much larger.
What makes this dynamic particularly complex is that nothing appears to be wrong until something actually happens. The experience feels smooth, intuitive, and under control, which reinforces the idea that the system is safe, even when the underlying risk is quietly increasing.
When identity becomes impossible to manage
The issue becomes even more complex when viewed through the lens of digital identity, which is no longer a single point of access but a huge number of accounts, services, and platforms that users manage continuously, often without fully realising how fragmented that identity has become.
Here it is where the traditional password model starts to reveal its limitations, as it relies on a level of consistency that is difficult to maintain in practice: remembering unique credentials, updating them regularly, and ensuring they are secure becomes a task in itself, one that most users simplify in ways that quietly increase their exposure.
As Andrew Grill pointed out during the conversation, addressing this goes beyond just using different passwords. It also means separating identities across different email accounts and managing everything through a password manager, as a way to reduce risk and maintain control in an environment that is otherwise difficult to organise securely.
This is where solutions like password managers and passkeys begin to emerge as necessary evolutions rather than optional improvements. They are designed to reduce the cognitive load on users while increasing security, but they also reflect a deeper shift, where managing identity is no longer something occasional, but something continuous.
The hidden advantage of removing the SIM
When we see eSIM not from the usual perspective of flexibility or travel convenience but as a key factor for physical security, the narrative goes one step further.
Augustin De Wailly highlights how a physical SIM can become a point of vulnerability, particularly in scenarios where a device is lost or stolen, because it provides a direct path to accessing identity and communication channels. Once removed, it can be inserted into another device and used to bypass certain authentication mechanisms, creating a situation where control over a number can quickly be transferred.
Andrew Grill reflects on this from personal experience, explaining that moving to eSIM removes that possibility entirely, not by adding complexity, but by eliminating the physical component altogether. As he puts it, “I’ve gone eSIM, I’ve gone security first,” introducing what he describes as “an extra level of physical security” because there is simply nothing to extract.
It is a small change in form, but a significant one in function, and it illustrates how security is not always about adding layers, but sometimes about removing points of failure, which is a much less visible but equally powerful way of reducing risk.
Connectivity as something you cannot lose
Beyond security, the episode also touches on a more immediate reality: the role of connectivity itself in everyday life, and how its absence is no longer neutral. Andrew shares an example of a traveler who found themselves delayed at an airport simply because they lacked connectivity at a critical moment, unable to communicate or navigate effectively.
What stands out is how quickly things begin to break down when connectivity is not available. Tasks that would normally take seconds become impossible, and the experience shifts from routine to disruptive almost instantly, exposing how dependent everyday interactions have quietly become on being connected. This is where eSIM introduces another form of resilience, allowing connectivity to be activated, transferred, or restored almost instantly without the need for physical intervention.
In practical terms, this reduces downtime, but in a broader sense, it reflects a shift in expectations, where users no longer accept delays in something that has become essential to how they operate, and where being offline is no longer an inconvenience, but a limitation.
Security is no longer something you are given
As the conversation comes full circle, the original question returns, but with greater clarity and weight. Who is responsible for security in a digital world where everything is connected, flexible, and increasingly intangible?
The answer, as the episode suggests, is not singular. On one hand, providers are responsible for building secure infrastructures, platforms are responsible for maintaining standards, and devices are responsible for protecting access, but none of these layers replace the role of the user, who ultimately interacts with all of them.
Andrew Grill makes this point directly when he emphasizes that security is something users participate in, not something they simply receive. It requires awareness, attention, and sometimes a willingness to question interactions that feel routine. It also requires accepting that convenience and security are often in tension, and that navigating that tension is part of the experience, not an exception.
What this means for security
What becomes clear from Episode 3 of eSIM Talks is that the transition to eSIM is not just a technical evolution, but part of a broader shift in how connectivity is understood. If previous discussions focused on access, pricing, and market dynamics, this one moves into something more foundational, exploring what it means to operate in a world where everything is digital but needs to be assured.
Because once connectivity becomes instant and seamless, the real challenge is no longer getting online. It is understanding what happens after you are, and in that environment, security becomes less of a feature and more of a condition for everything else to work as expected, shaping how identity is managed, how interactions are trusted, and how risks are approached on a daily basis.
That may not be as visible as a new product or as tangible as a lower price, but it is arguably more important, because it defines how sustainable the entire ecosystem will be as it continues to evolve, and how much trust users are willing to place in systems that they rely on constantly, making security not just a technical layer, but a shared responsibility between systems and the people who use them.
