Insights from 450 cybersecurity leaders reveal urgent PQC readiness gaps — and the business advantage of early action
Keyfactor, the industry leader in digital trust for modern enterprises, announced findings from its Digital Trust Digest: The Quantum Readiness Edition, conducted in partnership with Wakefield Research. The report reveals the state of post-quantum cryptography (PQC) from the perspective of cybersecurity professionals, finding nearly half of organizations (48%) are not prepared to confront the urgent challenges posed by quantum computing, which will render the public-key cryptography businesses rely on today obsolete. Mid-sized organizations are particularly vulnerable, with 56% saying they are not ready.
Keyfactor’s research shows that while awareness is growing, action is lagging. Organizations that treat PQC as a strategic priority will be the ones who lead tomorrow — in security, resilience, and digital trust.
Importantly, the report shows that how organizations perceive the PQC transition drives their response. Companies that view PQC as a significant undertaking are more than twice as likely to be taking steps now (49%) compared to those that consider the risks to be minor or overstated (24%). This divide highlights how critical it is for organizations to internalize the scope and urgency of the shift to PQC. Those who recognize the scale of the quantum threat gain a decisive advantage in future-proofing their infrastructure.
“Cryptography is the critical infrastructure of our digital world — it’s what keeps data, systems, and trust intact. But that infrastructure is under threat. Cryptographically relevant quantum computers are coming, and when they do, encryption will break,” said Jordan Rackie, CEO of Keyfactor. “Our research shows that while awareness is growing, action is lagging. Organizations that treat PQC as a strategic priority will be the ones who lead tomorrow — in security, resilience, and digital trust.”
Also Read: CIO Influence Interview with Dipto Chakravarty, Chief Product and Technology Officer at Black Duck
The report highlights compelling business drivers for PQC readiness. Respondents cited stronger cybersecurity (54%), enhanced customer trust (50%), reduced cyber insurance premiums (49%), and a competitive edge (48%) as key benefits. Companies that take early action now will shape their ability to adapt, lead, and instill long-term confidence in their security posture.
“Post-quantum cryptography is a once-in-a-generation opportunity to rebuild the foundation of digital trust,” said Chris Hickman, CSO at Keyfactor. “It will require a full-scale transformation in how we protect every encrypted interaction, file, and transaction – past, present, and future. This transition is about showing leadership, driving innovation, and building a security posture that can stand the test of time.”
Also Read: Scott Holden Joins Vanta as Chief Marketing Officer
Additional findings from the report include:
- Most organizations haven’t started their PQC transitions. While 42% are actively addressing quantum risk now, 33% plan to respond when the risks are more immediate, 24% are waiting to see what actions other companies take, and 2% have no plans to address the risks at all.
- Resource gaps are stalling progress. Top challenges include lack of skilled personnel (40%), l*********** and competing priorities (40%), and unclear industry standards (39%).
- Risk perception varies by role. More VPs and directors (53%) believe their organizations are unprepared, compared to 35% of C-suite executives.
- The call to action is coming from within. At nearly half of companies (46%), cybersecurity teams are championing PQC preparedness, followed by the C-suite (33%) and board members (22%).
