2026年全球后量子及密码安全趋势报告

JANUARY2026 Contents Foreword3 Introduction7 Key Findings 10 Post-Quantum: The Threat and the Readiness Journey11Cryptographic Security and Management16Trends in PKI and HSMs22Regional Differences32 Methods35 Limitations 39 FOREWORD Cryptographic Security Is at a Tipping Point Cryptographicsecurityhasquietlybecomeoneofthemostcritical-andleastvisible-foundations of modernbusiness.It underpinsidentity,access,dataprotection, and system availability across every digital interaction. Yet todaythat foundation is under unprecedented strain. External mandates, acceleratingthreattimelines,andexpandingcryptographicsprawlareconvergingfasterthanmostorganizations canadapt. Thisyear's studyexamineshow organizationsare responding to these shifts. Enterprises faceimmediateoperational pressurefromrapidlyshortening certificate lifecycles,growingvolumes of keys and secrets, and increasinglyfragmented cryptographic ownership across hybridenvironments. Furthermore, the post-quantum (PQ)threat is no longer theoretical. Organizations arebeing asked to prepare for the eventual failure ofRSA and ECC encryption -while still maintainingsecurity,uptime, and compliance today. become essential capabilities forresilience in theyears ahead. The Quantum Threat Is Here,ButHowPreparedAreWe? Against thebackdrop of risingoperational strain,the post-quantum threat adds a new and urgentdimension. While PQ often dominates headlines, thestudy shows it's colliding with existing cryptographicchallenges-not replacing them. From"harvest now, decrypt later" style attacksthat target long-life data and devices to theavailabilityofNisTpost-quantumcryptography(PQC)standards,thePQera is effectivelyhere.Indeed,24%of global respondentsexpect thearrivalofcryptographicallyrelevantquantumcomputers(CRQCs) that will break traditional public keycryptography such as RSA and ECC within 10 years,witharesounding51%forecastingthatthiswillhappen in as soon as five years. What makes this moment especially challengingis not any single change, but the compoundingeffect of many changes happening at once. Short-lived certificates dramatically increase operationalworkload.PQmigration introduces new architecturaland governance complexity.Expandinguse ofencryptionacross cloud,DevOps,andZero Trustinitiatives multiplies key volumes. And limitedvisibility across cryptographic assets makes all ofthis harder to manage. Together, these forces aretransforming cryptographic security to a tippingpoint-where legacy approaches can no longerkeeppace. Quantum-safe encryption, also referred to asPQC, is the use of new cryptographic algorithmsforthe continued protection of ourdigitaluniversefromthisimminentguantumthreat.Generalglobalguidance is that high-priority systems must bemigrated to PQC by 2030or 2031, with all systemsmigrated by2035.Yet only36%of respondents citegovernmentpolicyandpublic-privatecoordinationonquantumreadinessasmorethanadequatetoday. In the2026Global State of Post-Quantum andCryptographic SecurityTrends,weaskedthePonemon Instituteto examinehow organizationsare navigating this convergence of pressures.Drawing on insights from 4,149 senior IT, securityand risk leaders, across the United States, UnitedKingdom/lreland, Canada, DACH, Indonesia, andSingapore,the report reveals where readinessis advancing, where it is falling behind, and whyvisibility,governance, and crypto-agility have In the U.S., the NSA, NIST, and CISA are all urgingorganizations to start their migration now. The NSAhas advised that all U.S. national security systems willbe quantum-safe by 2033. Also, NIST's initial Crypto-AgilityIstheFoundationof PQCMigration For organizations actively preparing for PQ,progressvaries significantly.Whilemanyhave begun buildingcryptographicstrategies,farfewerhaveestablishedthe foundational crypto-agility neededto executethose plans at scale. Of those actively preparing forPQ, 44% are building their cryptographic strategy.while 32% are compiling their cryptographicinventoryand/or ensuring organization crypto-agility.Thelatterrepresents a 5% year-over-year drop,signaling that the biggest challenge to attainingquantum resistance today is alack of crypto-agility.Only26%of organizationsreporthavingafullyimplementedcrypto-agilitystrategy,withanother31% having a partially implemented one. This inability to discover,or inventory,anorganization'scryptographicestate includingalgorithms, protocols, libraries, keys, anddependencies likeAPls andthird-party integrationsmakes it extremely difficult to transition from onecryptographic systemto anotherwithout impactingalltheinfrastructurearoundit.Typicalblindspotsincludelegacysystems,shadowIT,andsupplychainpartners.Quite simplyyoucan't migrate what youcan't see. Indeed, 41% of respondents say that theinability to improve visibility into their cryptographicinventory is their top impediment to attainingquantum resistance, roughly on par with 43% lastyear.Use of a CryptographicSecurityPlatform(CSP)to unify cryptographic