A new study by Ponemon Institute, sponsored by Entrust, indicates that organizations worldwide are largely unprepared for two critical cryptographic deadlines: the impending threat of quantum computing and rapidly shrinking certificate validity windows. The research highlights a significant lack of visibility, resources, and readiness within enterprises to address these challenges.
The 2026 Global State of Post-Quantum and Cryptographic Security Trends study surveyed over 4,000 IT and security professionals globally, including 552 in the United States. Findings reveal that enterprises are struggling to keep pace with accelerating quantum timelines and dramatically shorter certificate lifecycles, which increases organizational risk.
More than half of U.
S. cybersecurity practitioners, 54%, anticipate the emergence of a quantum computer capable of breaking RSA and ECC encryption within five years. This urgency aligns with NIST and NSA guidance, which sets aggressive timelines to deprecate RSA and ECC encryption by 2030 and disallow them by 2035, urging a transition to quantum-resistant cryptography. This guidance is being adopted by the U.
S., Canada, Australia, and the EU.
Simultaneously, a recent CA/Browser Forum mandate will reduce public trust certificate validity windows from 398 days to 200, then to 100, and ultimately to 47 days by 2029. To minimize risk and strengthen digital trust, organizations require capabilities for faster renewal cycles and automation at scale, which is also critical for the transition to quantum-safe cryptography.
Despite these near-term deadlines, only 40% of organizations in the U.
S. and 38% globally are preparing for Post-Quantum Cryptography (PQC), a decrease from 41% last year. Only 43% reported full visibility into certificates within their enterprises, hindering the implementation of quantum-safe algorithms and infrastructure. Additionally, 68% of respondents find managing cryptographic assets extremely or very difficult.
Potential consequences of a successful quantum attack include the loss of access to encrypted critical infrastructure (58% of U.
S. respondents) and the exposure of long-term sensitive data, such as financial records and health information (59%).
Greg Wetmore, Vice President of Product Development at Entrust, noted, “The fact that 60% of respondents report that their organizations are not preparing to transition to post-quantum cryptography is a sign that the cryptographic landscape is changing faster than most organizations can keep up. The clock is ticking, and the solutions are available now – so enterprises can’t afford to delay action.”
For the second consecutive year, limited visibility into cryptographic assets remains the top barrier to post-quantum readiness, cited by 41% of respondents, compared to 43% last year. Other readiness gaps have also widened, with budget concerns increasing to 39% (from 31%) and lack of expertise rising to 38% (from 28%). Without clear visibility into keys and certificates, their usage, and expiration dates, teams struggle to automate renewal workflows, transition to quantum-safe algorithms, or prevent outages caused by short-lived certificates.
Mike Baxter, President and Chief Technology & Product Officer at Entrust, stated, “The gap between awareness of the quantum threat and action is widening. Teams around the world are struggling with the same foundational challenges: limited visibility into their keys and certificates, scarce expertise, and operational constraints that make it difficult to transition at the pace required.” Baxter added that the path forward involves building cryptographic visibility and automation, followed by implementing quantum-safe cryptographic infrastructure with PQ-ready Hardware Security Modules (HSMs) and PQ-ready Public Key Infrastructure (PKI).
Entrust offers technologies and expertise to support organizations in their transition, including PQ-ready HSMs, quantum-safe PKI, and automated certificate lifecycle management. These solutions provide the foundation for deploying quantum-safe cryptography, enhancing resilience, maintaining compliance, and protecting sensitive data for the long term. Entrust’s quantum-safe infrastructure aims to enable organizations to modernize their cryptographic environments proactively.
