Demand for private 5G networks is soaring around the world. By one estimate, the market will grow at a CAGR of 54% from 2024 to 2033 to reach almost $161bn. Enterprises are drawn by the potential for faster, more reliable networks which can be customized according to their specific requirements. It’s why organizations as diverse as airport operators, smart factory owners and healthcare providers are signing up.
Private 5G networks are also nominally more secure than their public counterparts, as the enterprise has complete operational control over them. But not all are created equal, and it would be wrong to assume that they’re inherently secure by design. Can AI-powered security help in this regard? And how great a concern for enterprises are mounting skills and resource shortages?
To find out more, we commissioned Sapio Research to survey 800 decision makers with authority over IT and / or cybersecurity across the US, UK, Japan, France, Germany, Italy and Spain. All respondents work in companies of 250+ employees and either currently use a private 5G network (86%) or are evaluating deployment (14%).
No security panacea
Private 5G networks are not immune to security risk. For one thing, they will usually feature a large attack surface of connected devices—many of which may be unpatched IoT endpoints or end-user devices that expose organizations to persistent insider risks. That’s especially concerning given the sensitivity of the data that may be flowing through such networks. Further risk could be introduced through potential vulnerabilities in the 5G equipment supply chain, and the crucial User Plane Function (UPF), which is the gateway to external networks.
Fortunately, respondents to our survey seem to be aware of the risks. Some 96% place a moderate to high priority on securing private 5G networks. And 67% have already conducted a risk assessment on their networks, with 13% in the process of doing so.
They cite data breaches, ransomware/malware, unauthorized access and 5G core vulnerabilities as the biggest cybersecurity threats to these environments. Additionally, three-quarters (74%) are concerned about the potential for supply chain vulnerabilities within their private 5G infrastructure. Most also cite real-time threats to critical infrastructure (66%), an increased attack surface (57%), network slicing risks (53%) and supply chain vulnerabilities (51%) as the most “familiar” security challenges associated with such networks.
Awareness of supply chain risk is also reflected in another data point. When asked what the most critical considerations are when working with a third-party vendor to deploy private 5G networks, respondents’ top answer was “security and risk mitigation” (60%). Data privacy and transparency (54%) ranked third.
All of which explains why global organizations are putting their weight behind security measures such as:
- Identity and access management (55%)
- Encryption of data at rest and in transit (53%)
- Endpoint security (51%)
- Intrusion detection and prevention (50%)
The regulatory compliance imperative
Tackling these challenges has an added urgency for many responding organizations that operate in highly regulated sectors. They cite issues such as the cost of compliance, the complexity of regulations and a lack of clear guidelines. And many complain they don’t have enough in-house expertise to meet the regulatory demands placed upon them. As we’ll see, skills shortages are a consistent theme. Overall, the share of respondents admitting they face challenges with the following regulations, laws and standards is as follows:
- EU Cybersecurity Act (69%)
- NIS2 Directive (65%)
- National telecoms laws (64%)
- 3GPP mobile broadband standard (63%)
- EU Digital Operational Resilience Act (DORA) (59%)
The value of AI-powered security
The IT and cybersecurity professionals we polled also appear to understand the potential benefits of AI-powered security in their private 5G environments. Most claim they are either currently (62%) or planning (35%) to use such tools.
Interestingly, AI usage is higher for those who have conducted a risk assessment for private 5G, and for those who place high priority on private 5G networks (both 75%). This suggests that they’re more aware of the associated risks and emphasizes the importance of using AI to monitor and secure 5G private networks.
Respondents highlight a number of current and planned capabilities, reflecting the power of AI to analyse vast quantities of data—across networks, users, and devices— in order to flag suspicious activity. And its ability to scour third-party sources like social media, dark web forums and malware repositories to surface highly actionable, predictive threat intelligence. Specifically, they point to:
- Monitoring and threat detection
- Network traffic analysis
- Predictive analysis for proactive threat mitigation
- Anomaly detection and response automation
- AI-powered malware and ransomware detection
- Automated incident response and remediation
- User and entity behaviour analytics (UEBA)
AI for incident response is particularly useful, analyzing vast data sets to spot patterns human eyes might miss and flaganomalies indicative of risks. AI can also contextualise threat data and prioritise alerts for time-challenged SOC analysts, shortening response times, reducing false positives and minimising alert overload. These capabilities are even more important considering only 30% of respondents are very confident in their current threat detection and response capabilities. And just half (51%) have an incident response plan customised for private 5G environments.
Yet AI-powered security can go beyond incident response. Respondents view the following capabilities as essential for private 5G network security:
- Predictive threat intelligence (58%)
- Continuous, adaptive authentication (52%)
- Zero trust enforcement (47%)
- Self-healing networks featuring AI automation (41%)
AI adoption challenges
However, while awareness and adoption levels appear to be high, when it comes to actually embracing AI-powered security in private 5G networks there are several challenges. In fact, almost all (92%) respondents have some issues here. They include:
- High cost of implementation (47%)
- Concerns over false positives / negatives (44%)
- Lack of internal expertise (37%)
- Integration with existing environments/tools (36%)
- Regulatory/compliance concerns (35%)
- Scalability challenges (31%)
Nearly two-thirds (64%) of organizations we spoke to are also concerned about potential vulnerabilities in AI tools used for private 5G security.
A lack of in-house resources
Some, if not all, of these concerns could be linked to the way that communications technology (CT) is treated in many global organisations.
A lack of internal CT expertise is reflected in the fact that just a fifth (20%) of respondents have a dedicated team for securing their communications networks. Half hand the job to their IT security team, although there’s no guarantee these practitioners have the required skills to manage complex private 5G network security. In many other cases, responsibility for CT security lies with the CTO (43%) or CIO (32%) rather than the CISO (35%).
Reflecting the apparently low priority given to CT security in many enterprises is how much money they are allocating to it. On average, less than a fifth (18%) of respondents’ security budget is currently allocated to private 5G networks. That’s in spite of the potentially critical services they support and the highly sensitive data flowing through such networks.
These resource and skills shortages may even be actively exposing organizations to compliance and cyber-related business risk. When using AI for traffic monitoring and analysis inside private 5G networks, only around half or fewer respondents say that they:
- Ensure compliance with data privacy regulations like GDPR (54%)
- Encrypt data at rest and in transit (51%)
- Deploy strict access controls for AI models (50%)
- Use data anonymization techniques (44%)
The truth is that AI can expand the enterprise attack surface and thereby risk exposure, with models representing a potentially attractive target for sabotage, disruption, data theft and extortion. Strict access controls and some form of data anonymization such as strong encryption should be a given if organizations want to keep privacy regulators onside.
A better way to optimize private 5G security
It’s concerning that organizations may be putting themselves in harm’s way due to a lack of in-house know how and predominantly reactive security solutions. So how can they close security, funding and skills gaps to ensure private 5G risks are suitably managed? Although respondents claim that, on average, a quarter (25%) of their security budget will be devoted to these environments in the next 12-24 months, how it is spent will be critical. This Top 10 list of things to consider is a must read for any organization:
- Manage your cyber risk exposure by working with a trusted, infrastructure-agnostic technology partner with private 5G expertise
- Adopt a proactive security approach supported by a platform that can help identify, prioritise and mitigate threats before they exploit vulnerabilities in a private 5G network
- Make the business case for investments in CT security/skills to the board, using business-friendly language and metrics
- Close visibility gaps, reduce costs and ease the CT management burden by consolidating CT, IT and OT security onto a single platform
- Take a Zero Trust approach to mitigate risk on a continuous basis. Just 35% of respondents are currently doing so
- Protect infrastructure components, including base stations, edge computing, 5G core, and network slicing
- Reduce skills gaps with generative AI technology that serves as an “assistant” to security operations (SecOps) analysts
- Consider managed detection and response (MDR) as another way to mitigate CT security skills shortages
- Minimise false positives by ensuring any extended detection and response (XDR) system is built on a broad range of sensors and comprehensive global threat intelligence
- Conduct a data protection impact assessment (DPIA) on any new AI technology to ensure compliance with GDPR or other data privacy regulations.
See how CTOne and Trend Vision One can help you proactively protect your private 5G network.
More To Explore

Salt Typhoon Has Telecom Industry’s Number: Understanding New Attacks & Threats to Critical Infrastructure
2 mins. read