SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
International Women’s Day
392 opinions Read now

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Business office shield icons protecting digital data quantum threats
#
Data Protection
#
Encryption
#
Advanced Persistent Threat Protection

Nearly half of firms unprepared for post-quantum cyber risks

Wed, 30th Jul 2025
Author image
By Jed Nykolle Harme, Editor

Nearly half of enterprises are unprepared to address the cybersecurity risks posed by quantum computing, according to new research from Keyfactor.

The Digital Trust Digest: The Quantum Readiness Edition, a study conducted by Wakefield Research in partnership with Keyfactor, surveyed 450 cybersecurity leaders across North America and Europe to assess organisational readiness for the transition to post-quantum cryptography (PQC). The findings highlight significant gaps in preparedness, particularly among mid-sized organisations, and point to a mixed sense of urgency across company roles and responsibilities.

Readiness divide

The report states that 48% of organisations are not adequately prepared for the threat of quantum computers, which could render current public-key cryptography obsolete. Mid-sized organisations are especially vulnerable, with 56% stating they are not ready for the transition.

The perceived magnitude of the PQC transition appears to directly influence enterprise responses. Companies that recognise PQC as a major organisational challenge are more proactive, with 49% already taking preparatory steps, compared to just 24% among those who consider the risks minor or overstated. This variance in perception underlines the importance of understanding and accepting the scope of the quantum threat.

Perspectives from leadership

"Cryptography is the critical infrastructure of our digital world - it's what keeps data, systems, and trust intact. But that infrastructure is under threat. Cryptographically relevant quantum computers are coming, and when they do, today's encryption will break. Our research shows that while awareness is growing, action is lagging. Organisations that treat PQC as a strategic priority today will be the ones who lead tomorrow - in security, resilience, and digital trust," said Jordan Rackie, CEO of Keyfactor. 

Chris Hickman, Chief Security Officer at Keyfactor, addressed the scope of the challenge and the opportunities it presents:

"Post-quantum cryptography is a once-in-a-generation opportunity to rebuild the foundation of digital trust. It will require a full-scale transformation in how we protect every encrypted interaction, file, and transaction – past, present, and future. This transition is about showing leadership, driving innovation, and building a security posture that can stand the test of time."

Business case for PQC

Respondents identified several tangible advantages to moving early on PQC readiness. According to the report, 54% cited stronger cybersecurity, 50% indicated enhanced customer trust, 49% expected reduced cyber insurance premiums, and 48% saw a competitive edge as key benefits of early action in the shift to post-quantum encryption.

Current actions and challenges

Despite growing awareness, most organisations have yet to begin the transition. The study found that 42% are actively addressing quantum risk, 33% plan to respond when the risks become more immediate, 24% are waiting to see how other companies approach the issue, and 2% have no current plans to address quantum threats.

Resource constraints are a significant barrier. The primary challenges cited were a lack of skilled personnel (40%), limited time and competing priorities (40%), and unclear industry standards (39%).

Varying levels of concern

The research also revealed differences in quantum risk perception based on organisational role. While 53% of vice presidents and directors believe their companies are unprepared, only 35% of C-suite leaders shared this concern. This suggests a possible disconnect in the assessment of organisational readiness at different leadership levels.

Internal advocacy

Cybersecurity teams are leading the call to action within many organisations. At 46% of companies, cybersecurity teams are primary drivers for PQC preparedness. This is followed by C-suite executives at 33%, and board members at 22%.

The survey sampled cybersecurity professionals with a minimum seniority of Director, working at companies with at least 1,000 employees. The findings are supported with additional guidance from Keyfactor experts, offering recommendations and lessons learned for PQC transition.

As the risks associated with quantum computing continue to evolve, the study suggests that internal perceptions of urgency and the allocation of resources will play a critical role in shaping organisations' ability to adapt their cryptographic foundations in the years ahead.

Related stories
OPSWAT unveils MetaDefender Aether for AI-era threats
Tech Mahindra & Rubrik launch AI-led cyber recovery
SonicWall receives 5-Star Award in 2026 CRN Partner Program Guide
DataBench, First Person team up on privacy-first IDs
Keeper & Williams F1 launch identity-first security push

Top stories

Qevlar AI raises USD $30m to expand autonomous AI SOC
Tech Mahindra & Rubrik launch AI cyber recovery service
Claroty named Leader in 2026 Gartner CPS security report
Entrust launches cloud cryptographic security platform
Thrive unveils governed AI workspace & adoption model