Post Quantum Cryptography Awareness is High, But Widespread Preparation Lags, Finds 2024 Global Entrust Report

MINNEAPOLIS--(BUSINESS WIRE)--The Entrust Cybersecurity Institute today released survey findings on post-quantum cryptography (PQC) and public key infrastructure (PKI), assessing organizational PQ preparedness and the future of encryption. The global study reveals that most organizations have not begun preparing for the post-quantum threat. This comes on the heels of NIST publishing its first three finalized post-quantum encryption standards, outlining usage and implementation guidelines for organizations entering a new era of quantum cryptography.

Entrust’s 2024 PKI and Post Quantum Trends Study presents findings from a survey of IT and IT security professionals across the U.S., UK, Canada, Germany, UAE, Australia/New Zealand, Japan, Singapore, and the Middle East, conducted by the Ponemon Institute. Compared to previous years, this new data shows a clear shift towards increased awareness of PQC and the threats it poses to modern organizations. At the same time, it highlights a concerning trend that most organizations are either not yet motivated or unprepared for the transition, citing major concerns with the skills, education, and technologies needed to effectively prepare, leaving them vulnerable to potential attacks.

“There’s a shift in the industry with regard to Post-Quantum readiness," said Samantha Mabey, Director of Digital Solutions Marketing at Entrust. “While the questions around the PQ threat used to be ‘is it real’, the questions as of late are now ‘what do I need to do’ and ‘how’.”

Key findings from the 2024 PKI and Post Quantum Trends Study include:

• Support for PQC readiness is increasing, but plans for implementation are trailing: While 61% of global respondents plan to migrate to PQC within the next five years, less than half of organizations globally (41%) are presently preparing for the transition. At the same time, 38% of global respondents reported not having the right scale and technology to support the required extra computing power for PQC.
• Ownership, skills, and inconsistent requirements serve as the top challenges for enabling applications of PKI: 51% of respondents reported a lack of clear ownership over this transition, while 43% reported a tie between insufficient skills and complicated or fragmented requirements as the biggest hurdle to enabling PKI.
• Cryptographic asset visibility is a top concern for organizations seeking PQC readiness: Despite the fact that 44% reported a focus on building their cryptographic strategy, 43% cited an inability to simply inventory their crypto asset, the top concern for all nine countries surveyed in readying themselves for the transition.
• Even among organizations that decide to migrate, the path to PQC is uncertain: While 36% of organizations globally favor implementing a strict PQC plan, a significant proportion are inclined towards a hybrid approach (31%) or initial internal testing of PQC (26%).

“Organizations know that the threat of PQ is inevitable and impact substantial, but they lack the cryptographic visibility, skills, and computing power needed to effectively activate a plan, revealing a critical gap between awareness and action as the quantum threat looms. A major focus for organizations in 2025 will be activating these plans, bolstering their visibility into their cryptographic assets, and preparing their teams for a quantum-safe future,” said Mabey.

Additional Information:

• Read the report executive summary here.
• Download the full report here.
• Learn more about the Entrust Post-Quantum Cryptography Solutions here.

Methodology:

The 2024 PKI and Post Quantum Trends Study conducted by the Ponemon Institute is part of a larger study of which part one was published in May, involving 4,052 respondents in nine countries. In this report, Ponemon Institute presented the findings based on a survey of 2,176 IT and IT security who are involved in their organizations’ enterprise PKI across the United States, United Kingdom, Canada, Germany, United Arab Emirates, Australia/New Zealand, Japan, Singapore, and the Middle East.

About Entrust:

Entrust is an innovative leader in identity-centric security solutions, providing an integrated platform of scalable, AI-enabled security offerings. We enable organizations to safeguard their operations, evolve without compromise, and protect their interactions in an interconnected world – so they can transform their businesses with confidence. Entrust supports customers in 150+ countries and works with a global partner network. We are trusted by the world’s most trusted organizations. Learn more at www.entrust.com.