2024 PKI & Digital Trust Report Reveals Digital Identity Challenges Will Hinder Post-Quantum Readiness and Resiliency
CLEVELAND-Keyfactor, the identity-first security solution for modern enterprises, and Vanson Bourne today announced findings from the 2024 PKI & Digital Trust Report. With the National Institute of Standards and Technology (NIST) expected to finalize post-quantum cryptography (PQC) standards in the second half of 2024, this latest report explores present-day challenges that create barriers to building a strong foundation of digital trust. In particular, findings demonstrate that these barriers are only expected to worsen as organizations prepare for PQC.
Cloud-based infrastructures, the increasingly connected world, and the expansion of online services have heightened the need for public key infrastructure (PKI) management, which plays a crucial role in establishing trust in digital communications and transactions. And yet, it’s clear that many IT teams still struggle with PKI. According to the report, nearly all organizations (93%) experience challenges with setting an effective PKI and certificate management strategy; despite this, most respondents self-reported PKI maturity. The findings indicate a disconnect between perception and reality: PKI is critical to digital trust. With the encroaching advancement of quantum computing, the risks associated with improper PKI management, including outages and security breaches, are expected to worsen.
“As quantum computing threatens to undermine widely used security protocols and algorithms, the state of digital trust hangs in the balance,” said Chris Hickman, Chief Security Officer at Keyfactor. “Threat actors have already begun harvesting and storing encrypted data now with the aim of decrypting it when a cryptographically relevant quantum computer becomes available, meaning PQC preparation is an immediate priority for organizations today. IT and security leaders must establish a secure and resilient PKI infrastructure to maintain the security, reliability, and integrity of digital interactions. Turning to qualified, experienced partners ensures the right people, processes, and tooling are in place as organizations transition to post-quantum security and adapt to the evolving threat landscape in today’s hyper-connected world.”
The 2024 PKI & Digital Trust Report also reveals that while organizations are aware of the significant threat quantum poses, most have yet to make strides in their quantum-readiness journey. For example:
- Only 23% of organizations have started work on PQC;
- Over a third (36%) expect to start after the first release of standards later this year;
- Another quarter (25%) of organizations will begin implementing PQC when standards are finalized.
Additional findings from the report include:
- Risks associated with improper PKI and certificate management are devastating businesses: When expired certificates caused outages, 48% of respondents reported customer confidence would likely be affected, 46% reported that brand reputation would be impacted, and 37% reported revenue loss.
- Growing fears around the evolving cryptographic landscape: 80% of organizations are concerned about their ability to adapt to risks and changes in cryptography, an increase from 48% in 2023.
- PKI management is critical for defending against AI threats: While using PKI and certificates for AI and AI-generated content is used by less than 4 in 10 organizations, 91% agree that PKI is important for protecting against threats posed by AI.
The study was conducted by Vanson Bourne on behalf of Keyfactor and includes responses from 1,200 IT professionals familiar with their organization’s PKI infrastructure in North America and EMEA. Respondents worked in organizations spanning 11 industries, including IT, technology, and telecoms; industrial and manufacturing; healthcare and pharmaceuticals; energy and utilities; insurance; and financial services.