Keyfactor Research Reveals Nearly Half of Enterprises Aren't Prepared for Rising Quantum Threats

Keyfactor recently announced findings from its Digital Trust Digest: The Quantum Readiness Edition, conducted in partnership with Wakefield Research.

The report reveals the state of post-quantum cryptography (PQC) from the perspective of cybersecurity professionals, finding nearly half of organizations (48%) are not prepared to confront the urgent challenges posed by quantum computing, which will render the public-key cryptography businesses rely on today obsolete. Mid-sized organizations are particularly vulnerable, with 56% saying they are not ready.

Importantly, the report shows that how organizations perceive the PQC transition drives their response. Companies that view PQC as a significant undertaking are more than twice as likely to be taking steps now (49%) compared to those that consider the risks to be minor or overstated (24%). This divide highlights how critical it is for organizations to internalize the scope and urgency of the shift to PQC. Those who recognize the scale of the quantum threat gain a decisive advantage in future-proofing their infrastructure.

“Cryptography is the critical infrastructure of our digital world—it’s what keeps data, systems, and trust intact. But that infrastructure is under threat. Cryptographically relevant quantum computers are coming, and when they do, today’s encryption will break,” said Jordan Rackie, CEO of Keyfactor. “Our research shows that while awareness is growing, action is lagging. Organizations that treat PQC as a strategic priority today will be the ones who lead tomorrow—in security, resilience, and digital trust.”

The report highlights compelling business drivers for PQC readiness. Respondents cited stronger cybersecurity (54%), enhanced customer trust (50%), reduced cyber insurance premiums (49%), and a competitive edge (48%) as key benefits. Companies that take early action now will shape their ability to adapt, lead, and instill long-term confidence in their security posture.

“Post-quantum cryptography is a once-in-a-generation opportunity to rebuild the foundation of digital trust,” said Chris Hickman, CSO at Keyfactor. “It will require a full-scale transformation in how we protect every encrypted interaction, file, and transaction—past, present, and future. This transition is about showing leadership, driving innovation, and building a security posture that can stand the test of time.”

Additional findings from the report include:

Most organizations haven’t started their PQC transitions. While 42% are actively addressing quantum risk now, 33% plan to respond when the risks are more immediate, 24% are waiting to see what actions other companies take, and 2% have no plans to address the risks at all.
Resource gaps are stalling progress. Top challenges include lack of skilled personnel (40%), limited time and competing priorities (40%), and unclear industry standards (39%).
Risk perception varies by role. More VPs and directors (53%) believe their organizations are unprepared, compared to 35% of C-suite executives.
The call to action is coming from within. At nearly half of companies (46%), cybersecurity teams are championing PQC preparedness, followed by the C-suite (33%) and board members (22%).

The study was conducted by Wakefield Research on behalf of Keyfactor and includes responses from 450 cybersecurity professionals across North America and Europe. All respondents have a minimum seniority of Director and work at companies with a minimum of 1,000 employees. The full report is supported with practical steps and insights from Keyfactor experts across cryptography, identity, and risk who share insights, recommendations, and PQC lessons learned.

To view the complete findings and download the Digital Trust Digest: The Quantum Readiness Edition, please visit: https://www.keyfactor.com/digital-trust-digest-quantum-readiness.