News Summary:

• Despite growing awareness, a new study from Entrust reveals organizations continue to risk data breaches and service outages due to unmanaged keys and certificates, and use of outdated cryptography.
• Organizations report little progress toward improving visibility into their keys and certificates and post-quantum cryptography implementation, even as the quantum threat is expected in as little as five years, and certificate lifetimes are being reduced to only 47 days.
• Only 40% of U.S. organizations and 38% of global organizations reported that they are actively transitioning to post-quantum cryptography, with readiness declining year-over-year.

Entrust, a global leader in identity-centric security solutions, today released new findings from Ponemon Institute revealing that organizations worldwide face two urgent cryptographic deadlines that will have a big impact on their data security and web services – and most lack the visibility, resources, and readiness required to meet them.

The 2026 Global State of Post-Quantum and Cryptographic Security Trends study, independently conducted by Ponemon Institute and sponsored by Entrust, surveyed more than 4,000 IT and security professionals worldwide, including 552 respondents in the United States. The results show that enterprises are struggling to keep pace as quantum timelines accelerate and certificate validity windows shrink dramatically, creating the conditions for greater organizational risk.

Quantum disruption nears as certificate lifecycles collapse

More than half of U.S. cybersecurity practitioners (54%) believe a quantum computer capable of breaking RSA and ECC encryption will emerge within five years. This urgency is underscored by NIST and NSA guidance, which sets aggressive timelines – to deprecate RSA and ECC encryption by 2030 and disallow them by 2035 – for transitioning to quantum-resistant cryptography, and whose direction is being followed by the U.S., Canada, Australia, and the EU.

At the same time, a recent CA/Browser Forum mandate will rapidly shrink public trust certificate validity windows – moving from 398 days to 200, to 100, and ultimately 47 days by 2029. As industry standards and government mandates seek to minimize risk and strengthen digital trust, organizations must have capabilities in place to enable faster renewal cycles and automation at scale. Having the ability to automate certificate replacement at scale is just as critical to the transition to quantum-safe cryptography.

Despite these near-term deadlines, less than half of organizations are preparing for PQC – only 40% in the U.S. and 38% globally – down from 41% last year. Only 43% reported that they have full visibility into certificates in their enterprises, making it difficult to begin implementing quantum-safe algorithms and infrastructure. Sixty-eight percent say managing cryptographic assets is extremely or very difficult.

A successful quantum attack could have serious consequences: U.S. respondents are concerned about the loss of access to encrypted critical infrastructure (58%) and exposure of long-term sensitive data (59%), including financial records and health information.

“The fact that 60% of respondents report that their organizations are not preparing to transition to post-quantum cryptography is a sign that the cryptographic landscape is changing faster than most organizations can keep up,” said Greg Wetmore, Vice President of Product Development at Entrust. “The clock is ticking, and the solutions are available now – so enterprises can’t afford to delay action. It’s not a question of ‘Will quantum computers disrupt us?’ but ‘How quickly can we adapt our infrastructure to withstand what’s coming?’”

Visibility remains the defining obstacle to modernizing digital trust

For the second consecutive year, limited visibility into cryptographic assets is the top barrier to post-quantum readiness – cited by 41% of respondents compared to 43% last year. Other readiness gaps have worsened: Concerns around budgets increased to 39% (from 31% last year) and lack of expertise rose to 38% (from 28%).

Without clear visibility into where keys and certificates are stored, how they’re used, and when they expire, teams cannot automate renewal workflows, transition to quantum-safe algorithms, or prevent the outages that short-lived certificates can trigger.

“The gap between awareness of the quantum threat and action is widening. Teams around the world are struggling with the same foundational challenges: limited visibility into their keys and certificates, scarce expertise, and operational constraints that make it difficult to transition at the pace required,” said Mike Baxter, President and Chief Technology & Product Officer at Entrust. “The path forward starts with building cryptographic visibility and automation. Then it becomes about implementing quantum-safe cryptographic infrastructure with PQ-ready HSMs and PQ-ready PKI, which are the fundamental building blocks organizations require to address the quantum threat. With these tools in place, organizations can begin implementing PQC to safeguard their organizations before quantum computers make traditional encryption obsolete.”

Entrust delivers core technology for quantum-safe security

Entrust provides the technologies and expertise organizations need to move from discovery to implementation, including PQ-ready HSMs, quantum-safe PKI, and automated certificate lifecycle management. These capabilities give enterprises the foundation to begin deploying quantum-safe cryptography today, strengthening resilience, helping to maintain compliance, and protecting sensitive data that must remain secure for decades.

With quantum-safe infrastructure available now, Entrust enables organizations to modernize their cryptographic environments proactively – well before quantum attacks become viable.

To learn more, download the full report here.

About the Study

In the 2026 Global State of Post-Quantum and Cryptographic Security Trends study by Entrust, Ponemon Institute surveyed 4,149 IT and security practitioners across the United States, Canada, United Kingdom/Ireland, DACH, Indonesia, and Singapore. Respondents represent industries including financial services, healthcare, manufacturing, technology, and the public sector.

About Entrust:

Entrust fights fraud and cyber threats with identity-centric security that protects people, devices, and data. Our comprehensive solutions help organizations secure every step of the identity lifecycle, from verifying identity at onboarding to securing connections and fighting fraud in everyday transactions. Ongoing monitoring supports compliance and safeguards keys, secrets, and certificates. With a foundation of identity-centric security, our customers can transact and grow with confidence. Entrust has a global partner network and supports customers in over 150 countries. For more information, visit www.entrust.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260127735306/en/

“The path forward starts with building cryptographic visibility and automation. Then it becomes about implementing quantum-safe cryptographic infrastructure with PQ-ready HSMs and PQ-ready PKI..."