A new report reveals a looming crisis in digital security as organizations worldwide scramble to prepare for the arrival of quantum computing. Entrust, a global leader in identity-centric security, released findings from a Ponemon Institute study of over 4,000 IT and security professionals, highlighting critical cryptographic gaps and approaching deadlines. Over half of U.S. cybersecurity practitioners (54%) now believe a quantum computer capable of breaking current encryption will emerge within five years, coinciding with rapidly shrinking certificate lifecycles. “The path forward starts with building cryptographic visibility and automation. Then it becomes about implementing quantum-safe cryptographic infrastructure with PQ-ready HSMs and PQ-ready PKI…” says Entrust, signaling the urgent need for action before sensitive data and critical infrastructure are compromised.
Quantum Threat Timelines: RSA & ECC Deprecation by 2035
The looming arrival of quantum computing is forcing a dramatic recalibration of cryptographic standards, with organizations facing increasingly tight deadlines to transition away from vulnerable algorithms. These agencies are directing a deprecation of RSA and ECC encryption by 2030, with a complete disallowance by 2035, a timeline being adopted across the U.S., Canada, Australia, and the EU. Compounding this pressure, a new mandate from the CA/Browser Forum will drastically reduce the lifespan of public trust certificates, shrinking from 398 days to a mere 47 days by 2029, necessitating far more frequent renewal cycles.
Currently, only 40% of U.S. organizations and 38% globally are actively preparing for Post-Quantum Cryptography (PQC), a slight decrease from the previous year’s 41%. The primary obstacle isn’t a lack of awareness, but a critical deficiency in visibility—only 43% of organizations report having full insight into their certificates. “The gap between awareness of the quantum threat and action is widening,” said Mike Baxter, President and Chief Technology & Product Officer at Entrust. Budgetary concerns are also escalating, rising from 31% to 39% last year, alongside a jump in reported lack of expertise from 28% to 38%.
The potential consequences of inaction are stark, with U.S. respondents voicing anxieties over compromised critical infrastructure (58%) and exposure of sensitive long-term data, including financial and health records (59%).
Ponemon Institute Study Reveals Cryptographic Visibility Gaps
A global assessment of cryptographic preparedness paints a concerning picture, with organizations significantly lagging in their ability to address looming quantum computing threats and rapidly changing certificate standards. The 2026 Global State of Post-Quantum and Cryptographic Security Trends study, conducted by Ponemon Institute and sponsored by Entrust, surveyed over 4,000 IT and security professionals, revealing a persistent and deepening chasm between awareness and action. Only 40% of U.S. The study highlights that 68% of respondents find managing cryptographic assets to be “extremely or very difficult,” a substantial impediment to modernization efforts.
A lack of foundational visibility is consistently identified as the primary obstacle, with 41% of respondents reporting they lack full insight into their certificates. “The fact that 60% of respondents report that their organizations are not preparing to transition to post-quantum cryptography is a sign that the cryptographic landscape is changing faster than most organizations can keep up,” said Greg Wetmore, Vice President of Product Development at Entrust. Concerns about potential consequences are high, with 58% of U.S. respondents fearing loss of access to critical infrastructure and 59% worried about exposure of sensitive long-term data.
The study reveals that budgetary constraints are now a greater concern, increasing to 39% from 31% last year, and a shortage of expertise has also worsened, rising from 28% to 38%.
The fact that 60% of respondents report that their organizations are not preparing to transition to post-quantum cryptography is a sign that the cryptographic landscape is changing faster than most organizations can keep up.
Greg Wetmore, Vice President of Product Development at Entrust
PQ-Ready HSMs & PKI Enable Quantum-Safe Transition
While 54% of U.S. The study highlights that a primary impediment isn’t a lack of knowledge, but a deficiency in visibility into existing cryptographic assets—only 43% of respondents report full visibility. This makes implementing quantum-safe algorithms and infrastructure incredibly challenging, and 68% cite managing cryptographic assets as extremely or very difficult. This necessitates automated certificate replacement at scale, a capability many organizations currently lack.
