DigiCert 2025 Report Reveals Only 5% of Enterprises Are Quantum-Safe
DigiCert 2025 Report Reveals Only 5% of Enterprises Are Quantum-Safe
The dawn of quantum computing promises a revolution in computational power, capable of solving problems that today’s machines can only dream of tackling. Yet, this same power threatens to unravel the cryptographic foundations that secure our digital world. A new global study by DigiCert reveals a stark reality: while 69% of enterprises recognize that quantum computers could dismantle existing encryption within five years, only 5% have adopted quantum-safe encryption. This gap, underscored by the fact that 46.4% of respondents admit significant portions of their encrypted data are vulnerable, signals a critical inflection point for industries reliant on digital trust—from manufacturing and logistics to smart cities and IoT ecosystems.
As quantum computing advances from theoretical promise to tangible reality, enterprises face a pressing challenge: how to safeguard sensitive data against a future where today’s encryption could be obsolete. This article delves into the findings of DigiCert’s 2025 Quantum Pulse Survey, explores the barriers to quantum readiness, and examines the strategic imperatives for organizations aiming to stay ahead in a post-quantum world.
The Quantum Threat: A Ticking Clock
Quantum computers leverage the principles of quantum mechanics to perform calculations at unprecedented speeds, potentially rendering traditional cryptographic algorithms like RSA and ECC obsolete. The DigiCert study, conducted by Propeller Insights with 1,042 senior and C-level cybersecurity managers across the United States, United Kingdom, and Australia, paints a sobering picture. Despite widespread awareness—69% of respondents believe quantum computers will break current encryption by 2030—only 5% of enterprises have implemented quantum-safe encryption.
This disconnect is particularly alarming for industries like manufacturing, where IoT devices and supply chain logistics rely on long-lived cryptographic systems, or smart cities, where interconnected infrastructure demands robust security. “The quantum era presents both a significant risk and a transformative opportunity,” says Kevin Hilscher, Senior Director of Product Management at DigiCert. “The groundwork being laid today will determine which organizations are positioned to maintain trust and resilience when quantum computing becomes a reality.”
The threat is not hypothetical. Experts warn that cybercriminals could be stockpiling encrypted data today in anticipation of future decryption capabilities. Jamie Norton warned that the emerging power of cryptographically relevant quantum computers (CRQCs) could eventually break today’s encryption in seconds, stating, “The sheer computational power of quantum will mean that today’s cryptography will be able to be broken in seconds.” With 46.4% of surveyed enterprises acknowledging that substantial portions of their data are at risk, the stakes are high for industries managing sensitive data—such as logistics systems, digital twin networks, and urban infrastructure.
Barriers to Action: Complexity and Complacency
Why are enterprises lagging despite clear warnings? The DigiCert study identifies two primary culprits: perceived complexity and a lingering belief that quantum threats remain distant. Only 38% of organizations feel “very prepared” for quantum threats, and just 19.2% describe themselves as “extremely prepared.” This hesitancy is compounded by the technical and organizational challenges of transitioning to post-quantum cryptography (PQC).
“Migrating to post-quantum cryptography isn’t just a software patch—it’s a foundational shift,” says Dr. Jim Goodman, CTO at Crypto4A. “It requires full visibility into your cryptographic environment, upgrades to hardware, and cross-functional coordination.” For industries like construction or logistics, where legacy systems and long-lived IoT devices are common, this shift demands significant investment and planning. The complexity of inventorying cryptographic assets—certificates, algorithms, and keys—can be daunting, particularly for enterprises with sprawling digital footprints.
Complacency also plays a role. Amid analyst forecasts that quantum computing could compromise current cryptography within the next five years, many organizations perceive the threat as a future problem. This mindset is risky, especially for sectors like smart buildings, where encryption protects everything from access controls to energy management systems. The DigiCert report warns that delaying action could leave enterprises vulnerable to both immediate HNDL risks and long-term competitive disadvantages.
A Roadmap to Resilience: DigiCert’s Four-Step Plan
To bridge the readiness gap, DigiCert proposes a four-step framework for achieving a quantum-safe security posture, as outlined in the 2025 edition of Post-Quantum Cryptography for Dummies. These steps are particularly relevant for verticals like automation and 5G/6G networks, where cryptographic agility is essential for maintaining trust.
- Inventory Cryptographic Assets: Enterprises must map out all certificates, algorithms, and cryptographic assets, prioritizing those critical to operations. For example, in manufacturing, this includes IoT devices on factory floors; in urban development, it encompasses smart city infrastructure.
- Prioritize Long-Trust Crypto: Focus on replacing encryption for assets requiring long-term security, such as roots of trust, eSignatures, and long-lived IoT devices. In logistics, this could mean securing supply chain tracking systems that operate for decades.
- Test PQC Algorithms: Experiment with post-quantum cryptography in non-production environments to ensure interoperability and performance. This step is crucial for digital twins, where real-time data integration demands robust encryption.
- Enable Crypto-Agility: Build systems that allow rapid deployment of new encryption technologies as threats evolve. For smart cities, crypto-agility ensures that interconnected systems can adapt without disrupting services.
These steps align with the PQC standards selected by NIST, including new additions like HQC in 2024, which provide a blueprint for quantum-safe encryption. However, adoption remains low. Only 10% of Oceania respondents in ISACA’s Quantum Pulse Poll reported a strong understanding of PQC technologies, highlighting the need for education and expertise.
Strategic Opportunities: Integrating Quantum Readiness
Beyond risk mitigation, quantum readiness offers strategic advantages. By embedding PQC into existing Public Key Infrastructure (PKI) frameworks, enterprises can maximize their security investments while preparing for the future. This approach is particularly impactful for industries like data centers and cloud infrastructure, where PKI underpins digital trust.
“Organizations that prioritize quantum-safe security today will position themselves to confidently embrace the post-quantum future,” says Daniel Sutherland, Regional Vice-President ANZ at DigiCert. For enterprises in smart cities or IoT, early adoption of PQC can enhance resilience, attract partners, and ensure compliance with emerging regulations. The Biden administration’s January 2025 mandate for US government agencies to adopt PQC by 2030 underscores the global shift toward quantum-safe standards, signaling that enterprises must act swiftly to remain competitive.
Moreover, crypto-agility—the ability to rapidly update encryption protocols—offers a hedge against evolving threats. In 5G/6G networks, where real-time data flows are critical, agility ensures that systems remain secure even as quantum capabilities advance. Enterprises that invest in visibility and flexibility now will be better equipped to navigate the uncertainties of a quantum-enabled world.
The Global Context: A Call to Action
The quantum readiness gap is not unique to any one region. The DigiCert survey’s findings resonate globally, with Australian organizations slightly ahead of their peers—41.7% feel “very prepared” compared to 38% globally—but still lagging in implementation. In Oceania, 67% of ISACA respondents expressed concern about HNDL risks, compared to 56% globally, reflecting a heightened awareness of quantum threats in the region.
This urgency is echoed by industry leaders. “Those already underway are ahead of the curve and better equipped to handle what’s next,” says Dr. Goodman. For verticals like construction and urban development, where long-term infrastructure projects rely on secure data, the time to act is now. With quantum computing installations underway in cities such as Perth, New York, and Seoul, the window for preparation is narrowing.
Looking Ahead: Securing the Future
The quantum revolution is no longer a distant horizon. With experts warning that cybercriminals could be stockpiling encrypted data today in anticipation of future decryption capabilities, enterprises must move beyond awareness to action. DigiCert’s four-step framework offers a practical starting point, but success requires leadership, investment, and cross-functional collaboration.
For industries shaping the future—manufacturing, logistics, smart cities, and beyond—quantum readiness is not just a technical challenge but a strategic imperative. By embracing crypto-agility and PQC, enterprises can safeguard digital trust, protect critical infrastructure, and seize opportunities in a quantum-enabled world. As Kevin Hilscher aptly notes, “The groundwork being laid today will determine which organizations maintain trust and resilience.” The clock is ticking, and the time to build that foundation is now.
More Info here – To submit a story to us, address it to “the Editor” here
Disclaimer
The information provided in this article is for general informational purposes only and is derived from publicly available sources. While every effort is made to ensure accuracy, we make no representations or warranties, express or implied, regarding the completeness, reliability, or validity of the content. This article does not assert or verify any claims about specific companies, individuals, or organizations. References to external reports, studies, or sources are for contextual purposes only and do not imply endorsement or confirmation of any specific allegations. Readers are advised to conduct their own due diligence and seek professional advice before making business or investment decisions. We disclaim any liability for losses or damages incurred as a result of reliance on the information provided.