Entrust report – post-quantum cryptography awareness is high, but preparation lags

In today’s rapidly evolving digital landscape, the future of cryptography lies in post-quantum security—yet most organisations are unprepared. The recently published 2024 PKI and Post-Quantum Trends Study by the Entrust Cybersecurity Institute reveals a growing awareness of PQC among IT and security professionals but a concerning lag in tangible preparation across Australia and New Zealand.

With quantum computing on the horizon, the stakes for businesses are high. PQC promises to protect critical infrastructures from the quantum threat, which can potentially break current encryption methods. Despite this urgency, only a third of organisations in the region have started taking actionable steps toward this future.

Key Findings:

1. Readiness Gap: While 56% of Australian and New Zealand (ANZ) respondents plan to migrate to PQC within five years, only about a third are currently preparing for the shift. Many cite the lack of sufficient technology and scale as significant barriers.
2. Fragmented Infrastructure: Nearly half of respondents (49%) report that requirements for PQC and PKI (Public Key Infrastructure) are too fragmented or inconsistent, creating implementation roadblocks. Additionally, 48% of organisations lack clear ownership over the transition process.
3. Top Concerns: A lack of adequate budget, technology, and strategy are the biggest concerns for businesses. Around 45% of respondents worry about their capacity to handle the extra computing power PQC requires, and a similar percentage doubt the security of PQC algorithms post-deployment.
4. Uncertainty in Migration: Organisations are divided in their approach to PQC migration. While 35% are focused on implementing strict PQC plans, a growing number (36%) are adopting hybrid models, and 21% are still in early testing phases.

A Critical Moment for PQC Preparedness

Samantha Mabey, Director of Digital Solutions Marketing at Entrust, noted that while the conversation has shifted from “is PQC real” to “what do we need to do,” the transition is proving complex. Organisations understand the imminent risk posed by quantum advancements but are struggling with a lack of clear direction, resources, and skilled personnel.

The gap between awareness and action could leave businesses exposed to vulnerabilities in a future where quantum computing could undermine current encryption protocols. As more organisations take steps toward PQC, the coming years will be critical in bridging this preparedness gap, ensuring that businesses are equipped for the quantum age.