Enterprises aren’t doing enough to prepare for 5G security risks and need to put a greater emphasis on efforts to virtualize and automate security, according to a report commissioned by AT&T Cybersecurity, which is a division of AT&T Business.

The operator’s latest Cybersecurity Insights Report, which is based on a survey conducted by 451 Research, concludes that enterprises need to consider how they will improve vulnerability management programs for devices at the edge and implement a shared security model similar to those used in public cloud environments.

While the standards for 5G include built-in security features, network infrastructure alone is not enough to handle all business security needs, according to analysts that conducted the research for AT&T. Almost 73% of the 704 security practitioners that participated in the survey rated their level of concern as high or medium-high as it relates to the potential impact of 5G on security. Moreover, 76% of respondents said they expect entirely new security threats to emerge out of 5G.

Only 16% said their organizations have already begun making changes to their security strategies related to 5G, but 38% expects efforts to get underway in the next six months, and 35% anticipate changes in the next year or two, according to the report.

Not surprisingly, the top security concerns related to 5G include the larger attack surface (44%), and the number of devices on networks (39%), followed by the need to extend security policies to new IoT devices (36%), and authenticate a greater number of devices (33%).

“Most of the transitions in networking have been about faster speeds or increased capacity. 5G introduces more complex networking and is being delivered with virtualization in mind,” analysts wrote in the report. “The latter appears to be a crucial gap in the way enterprises are preparing for 5G, as enterprises will need to take advantage of virtualization to make the network nimbler and more responsive.”

Many enterprises have yet to embrace that approach, according to the study. Only 29% of respondents said their organizations plan to implement security virtualization and orchestration during the next five years.

Moreover, only 25% are confident that their organization’s current security policies will be effective in a 5G environment. More than half, or 53%, say some adjustments will be required and 22% anticipate a need to completely rethink their security policies.

“At a large scale security needs to be dynamic and automated in order to accommodate the scope and potential speeds of 5G networks,” analysts wrote in the report. “Security virtualization could be the most crucial advancement related to 5G security, for both the provider and their enterprise customers.”

451 Research also encourages enterprises to implement a zero-trust security model to overcome challenges posed by the proliferation of devices on 5G networks. On that front, 47% of respondents said they are in the process of implementing zero-trust security policies, 25% are interested in the model but haven’t begun implementation, and 21% have already enforced such policies, according to the survey.

To achieve a more secure 5G network, operators and enterprises need to implement virtualized and automated security controls, machine learning and threat detection intelligence, a zero-trust environment, and a shared security model, according to the report.

“5G creates a widely distributed network topology that will eventually be accessed by an unprecedented number of devices, some of them robotic rather than human-driven,” the analysts wrote. “Enterprises cannot rely on manufacturer-driven device certification to keep bad actors off the network. The enterprise will need to take a more active role in device authentication and authorization.”