Despite NIST’s recent publication of post-quantum encryption standards, many organizations have not begun preparing for the post-quantum threat, according to a new report by the Entrust Cybersecurity Institute.
In August, NIST published its first three finalized post-quantum encryption standards, outlining usage and implementation guidelines for organizations entering a new era of quantum cryptography.
While 36% of organizations globally favor implementing a strict post-quantum cryptography (PQC) plan, a significant proportion are inclined towards a hybrid approach (31%) or initial internal testing of PQC (26%), Entrust found through its survey of over 2,000 IT security experts’ attitudes to PQC.
Entrust said that its findings on PQC and public key infrastructure (PKI) showed that less than half of organizations are preparing, and more than one-third lack the necessary scale or technology to transition to PQC.
“There’s a shift in the industry with regard to post-quantum readiness," said Samantha Mabey, Director of Digital Solutions Marketing at Entrust. “While the questions around the post quantum threat used to be ‘is it real’, the questions as of late are now ‘what do I need to do’ and ‘how’.”
Significant Barriers to Quantum Cryptography Transition
The 2024 PKI and Post Quantum Trends Study found that ownership, skills and inconsistent requirements serve as the top challenges for enabling applications of PKI.
It also said that 51% of respondents reported a lack of clear ownership over this transition.
Another challenge was visibility of cryptographic assets, with 43% of organizations citing an inability to simply inventory their crypto assets.
“Organizations know that the threat of post quantum is inevitable and impact substantial, but they lack the cryptographic visibility, skills and computing power needed to effectively activate a plan, revealing a critical gap between awareness and action as the quantum threat looms. A major focus for organizations in 2025 will be activating these plans, bolstering their visibility into their cryptographic assets, and preparing their teams for a quantum-safe future,” said Mabey.
Entrust’s 2024 PKI and Post Quantum Trends Study presents findings from a survey of IT and IT security professionals across the US, UK, Canada, Germany, UAE, Australia/New Zealand, Japan, Singapore and the Middle East, conducted by the Ponemon Institute.