Archive for Certes

78% of Organisations Say Legacy Systems Are Their Biggest Quantum Security Risk

Posted in Commentary on May 20, 2026 by itnerd

Certes has released new research highlighting a disconnect between quantum risk awareness and organizations’ ability to act on it. The Emerging PQC Imperative report reveals that 78% of organizations identify legacy systems as their greatest quantum security risk, yet most are doing little to address it. These environments remain difficult to secure and even harder to upgrade, leaving critical data increasingly exposed.

The report also found that nearly three-quarters (74%) of organizations view edge and IoT environments as a major quantum security risk, highlighting the growing exposure across distributed infrastructures. These environments are often difficult to upgrade or standardize, which can make them a critical weak point when it comes to implementing the cryptographic changes required for post-quantum readiness.

At the same time, 73% of organizations are actively evaluating the impact of “harvest now, decrypt later” attacks, recognizing that data stolen today could become a future breach once quantum capabilities mature. While evaluation is commendable, it stops short of actually protecting the data at risk.

Despite near-universal recognition of the threat posed by quantum computing, just 11% of organizations are confident they can achieve post-quantum readiness within expected timelines, highlighting a significant execution gap as businesses struggle to move from planning to meaningful action. While awareness is high, many organizations still lack the confidence, funding, and practical path required to respond effectively. Legacy applications are the Achilles' heel for most companies, a weak point that can be simply rectified with the right security solutions. These statistics therefore highlight a huge gap between understanding the problem at hand and the actions being taken to protect critical data from exposure, and in turn to help protect businesses from massive financial, judicial and reputational penalties.

The study, independently conducted by Freeform Dynamics and commissioned by Certes, is based on responses from 200 senior IT and security leaders across the UK and US, including CISOs, CIOs, and other decision-makers from large organizations spanning sectors such as financial services, healthcare, manufacturing, and the public sector.

Other key findings from the report include:

  • Only 2% are fully confident in achieving full crypto agility – Most organizations lack the ability to adapt cryptography at scale, leaving them exposed to both current and future threats.
  • Nearly all respondents (97%) said they are not fully confident they can meet crypto agility timelines – Despite widespread awareness, confidence in delivering long-term quantum resilience remains critically low.
  • 91% cite mitigation of material business risk as a key driver – Quantum risk is now firmly viewed as a core business issue, not just a technical or security concern.
  • Just one in four (25%) have a dedicated budget to act on quantum security – Strategic intent is in place, but without funding, most initiatives are failing to progress beyond early-stage planning.

Quantum computing is widely expected to render much of today’s encryption ineffective. While timelines remain debated, regulators and standards bodies are already setting milestones, with expectations for initial quantum-safe readiness by 2030 and broader transition by 2035. At the same time, the growing threat of “harvest now, decrypt later” attacks means sensitive data is already at risk today, as adversaries collect encrypted information with the intention of decrypting it in the future.

Certes Launches v7 to Bridge the Quantum Readiness Gap

To help organizations move from awareness to action, Certes recently launched v7, a powerful extension of its Data Protection and Risk Mitigation (DPRM) platform. Designed to deliver quantum-safe data protection and crypto-segmentation for any application, over any infrastructure, anywhere, v7 marks a new era of future-proof data protection, enabling PQC today for legacy applications, hybrid cloud, AI, and the edge, while keeping data protected even when infrastructure and identities are compromised. Unlike traditional tools that demand network redesigns or application rewrites, v7 can typically be deployed in days rather than months, without requiring application refactoring or major infrastructure changes.

Centralized, per-flow policies are automatically enforced across hybrid, multi-cloud, on-premises, and edge environments, designed to deliver quantum-safe protection at scale while minimizing additional operational complexity. For organizations looking to close the execution gap, v7 delivers six strategic outcomes: faster deployment, simplified operations, stronger breach resilience, regulatory compliance, future-proof cryptography, and automated policy enforcement across distributed environments.

v7 is available as part of the Certes DPRM platform. For more information visit: https://pages.certes.ai/v7-blueprint-for-quantum