A recent report by the Entrust Cybersecurity Institute has revealed a concerning trend in the adoption of post-quantum cryptography (PQC) among organizations worldwide. Despite increased awareness of the threats posed by quantum computing, less than half of organizations are preparing for the transition to PQC, and over one-third lack the necessary scale or technology to do so. The report, based on a survey of 2,176 IT and security professionals across nine countries, highlights a critical gap between awareness and action as the quantum threat looms.
According to Samantha Mabey, Director of Digital Solutions Marketing at Entrust, “Organizations know that the threat of PQ is inevitable and impact substantial, but they lack the cryptographic visibility, skills, and computing power needed to effectively activate a plan.” The report comes on the heels of NIST publishing its first three finalized post-quantum encryption standards, outlining usage and implementation guidelines for organizations entering a new era of quantum cryptography.
Post-Quantum Cryptography Awareness on the Rise, but Preparation Lags Behind
The threat of quantum computing to modern cryptography is no longer a topic of debate, and organizations are increasingly aware of the need to transition to post-quantum cryptography (PQC). However, despite this growing awareness, many organizations are still unprepared for the transition, citing concerns over skills, education, and technologies needed to effectively prepare.
According to the 2024 PKI and Post Quantum Trends Study conducted by the Ponemon Institute, 61% of global respondents plan to migrate to PQC within the next five years. However, less than half (41%) of organizations globally are presently preparing for the transition. This lack of preparation is concerning, as it leaves organizations vulnerable to potential attacks.
One of the major challenges facing organizations in their transition to PQC is the need for increased computing power. The study found that 38% of global respondents reported not having the right scale and technology to support the required extra computing power for PQC. This highlights the need for organizations to invest in the necessary infrastructure to support their transition to PQC.
Another key challenge is the lack of clear ownership over the transition process. The study found that 51% of respondents reported a lack of clear ownership, while 43% reported a tie between insufficient skills and complicated or fragmented requirements as the biggest hurdle to enabling public key infrastructure (PKI).
Cryptographic Asset Visibility: A Critical Gap in PQC Readiness
Cryptographic asset visibility is a critical component of PQC readiness, yet many organizations are struggling to achieve this. The study found that 43% of respondents cited an inability to simply inventory their crypto assets as the top concern for all nine countries surveyed.
This lack of visibility is concerning, as it makes it difficult for organizations to understand their current cryptographic landscape and plan for the transition to PQC. As Samantha Mabey, Director of Digital Solutions Marketing at Entrust, noted, “Organizations know that the threat of PQ is inevitable and impact substantial, but they lack the cryptographic visibility, skills, and computing power needed to effectively activate a plan.”
Path to PQC: Uncertainty Reigns
The path to PQC is uncertain for many organizations. The study found that while 36% of organizations globally favor implementing a strict PQC plan, a significant proportion are inclined towards a hybrid approach (31%) or initial internal testing of PQC (26%).
This uncertainty highlights the need for organizations to develop a clear strategy for their transition to PQC. This includes understanding their current cryptographic landscape, identifying the necessary skills and technologies, and developing a roadmap for implementation.
Bridging the Gap between Awareness and Action
The 2024 PKI and Post Quantum Trends Study highlights a critical gap between awareness and action when it comes to PQC readiness. While organizations are increasingly aware of the need to transition to PQC, many are still unprepared for the transition.
As Mabey noted, “A major focus for organizations in 2025 will be activating these plans, bolstering their visibility into their cryptographic assets, and preparing their teams for a quantum-safe future.” This requires a concerted effort from organizations to invest in the necessary skills, technologies, and infrastructure to support their transition to PQC.
By bridging this gap between awareness and action, organizations can ensure they are prepared for the transition to PQC and can protect themselves against the threats posed by quantum computing.
External Link: Click Here For More
