Entrust has published findings from a new Ponemon Institute study examining the state of cryptographic readiness as quantum computing timelines accelerate and certificate lifecycles shorten. The report highlights two approaching cryptographic deadlines that could affect how organisations manage data security and digital trust.
The study, conducted independently by the Ponemon Institute and sponsored by Entrust, surveyed more than 4,000 IT and security professionals globally, including 573 respondents from the UK and Ireland. It explores the impact of post-quantum cryptography (PQC) and changing certificate standards on operational resilience.
Quantum Timelines and Certificate Lifecycles
According to the research, 50% of UK cybersecurity practitioners believe a quantum computer capable of breaking RSA and ECC encryption could emerge within five years, while 78% expect this within the next decade. The findings align with the UK National Cyber Security Centre’s roadmap, which sets milestones to complete high-priority PQC migrations by 2031 and finalise transitions by 2035.
At the same time, certificate validity windows are shrinking. A CA/Browser Forum mandate will reduce public trust certificate lifetimes from 398 days to 200 days, then 100, and eventually to 47 days by 2029. These changes are intended to reduce risk but require faster renewal cycles and greater automation at scale.
Preparation Gaps and Risk Exposure
Despite the timelines, many organisations report limited preparation. In the UK and Ireland, 68% of respondents said they have not started preparing for post-quantum cryptography, compared with a global average of 60%.
In addition, 92% of UK and Irish respondents described cryptographic asset management as difficult, very difficult, or extremely difficult, the highest level reported across all regions surveyed.
Respondents identified several risks associated with a successful quantum attack. These include exposure of long-term sensitive data such as health records and trade secrets (63%), and loss of access to encrypted critical infrastructure (52%).
Budget, Visibility and Fragmentation
The research also highlights structural challenges. In the UK and Ireland, 42% of respondents cited budget constraints as the biggest barrier to quantum preparation, higher than the global average.
Nearly half (49%) pointed to fragmented systems as making credential and certificate management difficult, while the same proportion reported a lack of clear understanding of cryptographic requirements.
Without visibility into where keys and certificates are stored, used, and when they expire, teams struggle to automate renewal workflows or prevent outages caused by expired credentials. Respondents in the UK and Ireland also gave government policy and public-private coordination on quantum readiness a lower rating than other regions surveyed.
Approaches to Quantum Readiness
The report suggests that organisations need improved visibility into cryptographic assets and greater automation of certificate lifecycle management as a foundation for post-quantum transitions.
It also points to the role of quantum-ready hardware security modules (HSMs) and public key infrastructure (PKI) in supporting future cryptographic standards, allowing organisations to begin planning for migration before large-scale quantum computing becomes practical.
Overall, the findings indicate a widening gap between awareness of quantum risks and operational readiness. As certificate lifecycles shorten and encryption standards evolve, organisations face increasing pressure to modernise cryptographic environments to maintain resilience and operational stability.
