The Urgent Need For Crypto Agility

Sectigo, a leader in digital certificates and automated Certificate Lifecycle Management (CLM), has released its inaugural State of Crypto Agility Report, with insights analysed by research firm Omdia.

The report, surveying 272 IT decision-makers worldwide, reveals deep concerns about two seismic shifts in digital trust: the CA/Browser Forum’s mandate to reduce SSL/TLS certificate lifespans to 47 days by 2029 and the transition to post-quantum cryptography (PQC) by 2030.

With 96% of organisations worried about the impact of shorter certificate lifespans, and readiness for both changes critically low, the report highlights the urgent need for cryptographic agility to secure digital infrastructure.

Shorter Certificate Lifespans Spark Widespread Concern  

The impending reduction of SSL/TLS certificate validity to 47 days has alarmed 96% of surveyed organisations, who fear operational disruptions. Shorter lifespans aim to enhance security by limiting the window for attackers to exploit compromised certificates, but they demand robust automation to manage frequent renewals. Alarmingly, only 5% of organisations have fully automated CLM, leaving 95% reliant on manual processes, which heighten the risk of outages costing £4,200 to £6,800 per minute.

Furthermore, just 28% maintain a complete certificate inventory, and only 13% are highly confident in tracking all certificates, including rogue ones. “SSL/TLS certificates have been stable for decades, but that era is over,” said Tim Callan, Sectigo’s Chief Compliance Officer. “Building certificate agility now is the fastest path to PQC readiness.”

Quantum Computing Threatens Current Cryptography 

The report highlights the looming challenge of quantum computing, which could render traditional encryption methods like RSA obsolete by 2030. A staggering 98% of organisations anticipate difficulties in implementing PQC, with 92% expecting barriers such as integration complexity or resource constraints. Only 14% have fully assessed their quantum-vulnerable systems, and just 15% are extremely confident in achieving a seamless PQC transition. Despite this, 90% have allocated budgets for PQC preparedness within the next 12 months, with 92% planning increased investment over the next two to three years.

The report positions the 47-day certificate transition as a critical stepping stone, with 90% of organisations recognising overlap between short-lifespan preparedness and PQC readiness.

Operational & Security Risks 

The combination of shorter certificate lifespans and the PQC transition presents a dual challenge. Rik Turner, Chief Analyst at Omdia, noted, “Managing shorter certificate lifecycles is central to building the crypto agility necessary for PQC.” Yet, low readiness levels expose organisations to significant risks. Manual certificate management increases the likelihood of errors and outages, while incomplete inventories leave systems vulnerable to undetected compromises. The report warns that failure to adapt could amplify cybersecurity threats, with malware infections already affecting 4.1 million websites globally. Organisations must prioritise automation and visibility to mitigate these risks.

Sectigo recommends automated CLM to streamline certificate renewals, enhance visibility, and reduce human error. It also provides resources, including webinars on 2 September (PQC focus) and 30 September (47-day certificates focus), hosted by experts Jason Soroko and Tim Callan, to guide enterprises. 

Conclusion

Sectigo's report is a wake-up call for enterprises facing transformative changes in digital trust. With 96% concerned about shorter SSL/TLS certificate lifespans and only 14% prepared for PQC, organisations must act swiftly to adopt automated, agile cryptographic systems.

As Callan emphasised, “Certificates are now front and centre in securing our digital future.” Proactive investment in CLM and PQC readiness is essential to safeguard against operational and cybersecurity risks in an evolving threat landscape.
