AACHEN, Germany, April 28, 2025 -- Utimaco, a leading global provider of IT security solutions and PQC readiness, today announced the release of its PQC readiness survey results. The survey reveals the status and timelines for organizations migrating to PQC, including preferred methods of migration and common barriers to entry.

This report, based on responses from more than 200 organizations in the U.S., United Kingdom and Germany, provides valuable insights for IT security professionals working on their PQC migration efforts, aligning with new NIST standards and ensuring robust protection for their critical networks, applications, workloads, servers and devices.

"Q-Day," or the day malicious actors have access to quantum-powered cyberattacks, will require a complete shift in today's cryptographic landscape. A cryptanalytically relevant quantum computer that could break common public key schemes is expected by 2030.

Utimaco's survey takes a deeper dive into the efforts of organizations considered to be more cyber-advanced, finding over half will be safely prepared ahead of the deadline. Among the results:

• 20% of organizations said they have already begun migrating to PQC
• 34% of organizations plan to begin within 1-3 years
• 21% expect to start to migrate within 3-5 years, attempting to align with the anticipated timeline for quantum threats
• 25% have no plans to migrate to PQC

Migrating to Post-Quantum Cryptography (PQC) isn't a side project—it's a major transformation requiring organizations to transition their cryptographic infrastructure across multiple use cases. Adopting new cryptographic algorithms can be disruptive for legacy systems, particularly due to larger key sizes and differences in implementation. For organizations working on PQC migration, most (63%) showed a preference toward a hybrid approach, which combines classical and post-quantum cryptography.

The survey also found:

• 26% of organizations view larger symmetric key sizes as a viable solution
• 17% plan to adopt full PQC implementation
• 12% intend to use Quantum Key Distribution (QKD) as an additional security measure
• 20% selected none or other methods, which could include larger asymmetric key sizes or following guidelines from federal cybersecurity institutions

Cindy Provin, CSO, Utimaco, said: "The reality is that quantum threats aren't far away. At Utimaco, we're working closely with customers and partners like NIST to provide solutions that ease the path to post-quantum readiness, and our survey showcases progress towards that goal. While there is still a portion of organizations out there that lack a plan for the road to PQC readiness, we are hard at work to ensure access to easy-to-implement solutions with the latest algorithms to help them – and our customers – on this journey."