Enterprises Spends 5-10% of IT budgets On Private 5G Network Security

Trend Micro has announced new research revealing that most enterprises invest 5-10% of their IT budgets specifically on private 5G network security, despite an assumption that the technology is secure by default.

Greg Young, vice president of cybersecurity at Trend Micro: “When it comes to private 5G network technology, there’s no such thing as ‘secure by default,’ so it’s reassuring that enterprises are looking to add their own protections. What will be crucial going forward is educating this new user base about where the most critical security gaps are and what a shared responsibility model will look like in these environments.”

The research reveals that 72% of global enterprises believe the 3GPP approach1 to private 5G security is sufficient. These network architectures were built with security in mind, and because they are private, are inherently more secure than public 5G. However, that doesn’t mean they are impenetrable to determined attackers.

Respondents to the research seem to agree. It’s estimated that most are spending $1-5 million of their IT budget on private 5G security, expecting to increase this in the future.

When comparing security requirements for enterprise private 5G networks, business leaders’ expectations primarily focus on the following:

  • Security visibility (75%)
  • Risk and control management (65%)
  • Improved and streamlined alerting system (49%)

Organizations’ top security requirements for mitigation measures are:

  • Authentication (75%)
  • Access controls (65%)
  • Protection from fake base stations (58%)

These distinct priorities indicate that business leaders focus on integrating and enhancing the visibility of security measures throughout their organization, while those leading the implementation of 5G place greater emphasis on elevating security standards within the 5G network, aligning with the principles of Secure by Default.

The report goes on to address the importance of the shared responsibility model. Not all components must be secured by service providers, with organizations also responsible for mitigating risk in certain parts of the environment.

Market education and bridging the gap in perceptions will be key going forward, especially given the current lack of awareness about security vendor solutions, the report notes.

To read a full copy of the Omdia report, please visit: