A new report from digital security firm Entrust reveals a persistent and widening gap in organizational oversight of cryptographic tools, creating vulnerabilities as quantum computing advances. The research, surveying cybersecurity professionals globally, found that only about 43% of organizations have complete insight into their encryption certificates, with 68% describing management as highly challenging.
This lack of visibility is critical as regulatory bodies like NIST and the NSA plan to phase out current RSA and ECC encryption algorithms by 2030, banning them entirely by 2035. The report highlights a decline in quantum readiness, with just 40% of U.S. firms and 38% internationally actively shifting to post-quantum cryptography (PQC), a drop from prior years. More than half (54%) of U.S. respondents anticipate a quantum machine capable of cracking traditional encryption within five years.
Compounding the risk is a rapid shortening of certificate validity periods, mandated to shrink from 398 days to just 47 days by 2029. Entrust warns that without improved oversight and automation, organizations risk widespread outages and severe data breaches, with 58% fearing loss of control over critical infrastructure and 59% worried about compromise of sensitive financial or medical data.
In a separate analysis, digital asset manager CoinShares addresses the specific implications for Bitcoin, arguing that quantum fears are premature. The report notes that Bitcoin's security model, where public keys for modern addresses remain hidden until funds are spent, limits immediate vulnerability. The primary risk is confined to a narrow slice of older address types.
CoinShares emphasizes that current quantum hardware is far too weak, requiring millions of stable qubits to threaten Bitcoin—a capability projected to be years away. The analysis concludes that Bitcoin's open-source nature allows for gradual, phased upgrades to quantum-resistant cryptography, providing a wide adaptation window. The firm cautions that forcing premature protocol changes could introduce more risk than the quantum threat itself, labeling it a long-term engineering challenge rather than an immediate security crisis.
