
JANUARY 2026

Contents

Foreword
Introduction
Key Findings
Post-Quantum: The Threat and the Readiness Journey
Cryptographic Security and Management
Trends in PKI and HSMs
Regional Differences
Methods
Limitations

FOREWORD

Cryptographic Security Is at a Tipping Point

Cryptographic security has quietly become one of the most critical – and least visible – foundations of modern business. It underpins identity, access, data protection, and system availability across every digital interaction. Yet today, that foundation is under unprecedented strain. External mandates, accelerating threat timelines, and expanding cryptographic sprawl are converging faster than most organizations can adapt.

This year’s study examines how organizations are responding to these shifts.

Enterprises face immediate operational pressure from rapidly shortening certificate lifecycles, growing volumes of keys and secrets, and increasingly fragmented cryptographic ownership across hybrid environments. Furthermore, the post-quantum (PQ) threat is no longer theoretical. Organizations are being asked to prepare for the eventual failure of RSA and ECC encryption – while still maintaining security, uptime, and compliance today.

What makes this moment especially challenging is not any single change, but the compounding effect of many changes happening at once. Short-lived certificates dramatically increase operational workload. PQ migration introduces new architectural and governance complexity. Expanding use of encryption across cloud, DevOps, and Zero Trust initiatives multiplies key volumes. And limited visibility across cryptographic assets makes all of this harder to manage. Together, these forces are transforming cryptographic security to a tipping point – where legacy approaches can no longer keep pace.

In the 2026 Global State of Post-Quantum and Cryptographic Security Trends, we asked the Ponemon Institute to examine how organizations are navigating this convergence of pressures. Drawing on insights from 4,149 senior IT, security, and risk leaders, across the United States, United Kingdom/Ireland, Canada, DACH, Indonesia, and Singapore, the report reveals where readiness is advancing, where it is falling behind, and why visibility, governance, and crypto-agility have become essential capabilities for resilience in the years ahead.

The Quantum Threat Is Here, But How Prepared Are We?

Against the backdrop of rising operational strain, the post-quantum threat adds a new and urgent dimension. While PQ often dominates headlines, the study shows it’s colliding with existing cryptographic challenges – not replacing them.

From “harvest now, decrypt later” style attacks that target long-life data and devices to the availability of NIST post-quantum cryptography (PQC) standards, the PQ era is effectively here. Indeed, 24% of global respondents expect the arrival of cryptographically relevant quantum computers (CRQCs) that will break traditional public key cryptography such as RSA and ECC within 10 years, with a resounding 51% forecasting that this will happen in as soon as five years.

Quantum-safe encryption, also referred to as PQC, is the use of new cryptographic algorithms for the continued protection of our digital universe from this imminent quantum threat. General global guidance is that high-priority systems must be migrated to PQC by 2030 or 2031, with all systems migrated by 2035. Yet only 36% of respondents cite government policy and public-private coordination on quantum readiness as more than adequate today.

In the U.S., the NSA, NIST, and CISA are all urging organizations to start their migration now. The NSA has advised that all U.S. national security systems will be quantum-safe by 2033. Also, NIST’s initial

Crypto-Agility Is the Foundation of PQC Migration

For organizations actively preparing for PQ, progress varies significantly. While many have begun building cryptographic strategies, far fewer have established the foundational crypto-agility needed to execute those plans at scale. Of those actively preparing for PQ, 44% are building their cryptographic strategy, while 32% are compiling their cryptographic inventory and/or ensuring organization crypto-agility. The latter represents a 5% year-over-year drop, signaling that the biggest challenge to attaining quantum resistance today is a lack of crypto-agility. Only 26% of organizations report having a fully implemented crypto-agility strategy, with another 31% having a partially implemented one.

This inability to discover, or inventory, an organization’s cryptographic estate including algorithms, protocols, libraries, keys, and dependencies like APIs and third-party integrations makes it extremely difficult to transition from one cryptographic system to another without impacting all the infrastructure around it. Typical blind spots include legacy systems, shadow IT, and supply chain partners. Quite simply, you can’t migrate what you can’t see. Indeed, 41% of respondents say that the inability to improve visibility into their cryptog