With the release of NIST’s IR 8547, which sets firm deadlines to phase out classical cryptographic algorithms by 2030 and fully disallow them by 2035, organizations face mounting pressure. They need to evaluate their current cryptographic infrastructures and begin preparing for the shift to post-quantum cryptography (PQC).
In early 2025, Utimaco surveyed over 200 IT security professionals worldwide to understand how organizations are approaching PQC readiness. The survey explored their strategies, challenges, and priorities.
Download the full 2025 PQC Readiness Report
In this blog post, we’ll share key insights and takeaways from the survey, highlighting how industry leaders are navigating the path to quantum resilience.
Key Findings from the 2025 Utimaco PQC Readiness Survey
Public Key Infrastructure: a Top Priority Use Case for PQC
As the backbone of secure public communications, Public Key Infrastructure (PKI) relies heavily on digital certificates, making it essential to adopt quantum-resistant algorithms to ensure long-term data protection and trust. So it’s no surprise that PKI has been named as a top priority in the transition to post-quantum cryptography, with 63% of survey respondents identifying it as one of the most urgent areas for migration.
Legacy systems: a Major Challenge in PQC Migration
Migrating to PQC presents several challenges, with legacy system constraints topping the list for many organizations. In our survey, 56% of respondents cited outdated infrastructure as a key obstacle to PQC adoption.
Many legacy systems aren't equipped to support applications using PQC algorithms, which may require different configurations, higher performance capabilities, or increased storage. Upgrading these systems can be complex and expensive - making it essential for organizations to thoroughly assess compatibility.
To support this transition, Utimaco’s Quantum Protect simulator enables organizations to test post-quantum cryptography algorithms within their existing environments, helping identify potential issues and plan a smoother migration path tailored to their specific use cases.
PQC Migration Timeline: Action Needed Within 1–3 years
While many organizations anticipate Q-Day - the advent of a cryptanalytically relevant quantum computer - around 2030, the threat to long-term data confidentiality and digital signatures is already present. Recognizing this, more than 50% of respondents in our survey reported that they are either already actively migrating to post-quantum cryptography or plan to begin within the next one to three years. The message is clear: early action is critical to staying ahead of quantum threats.
Quantum-resistant Strategies: Hybrid Cryptography Leads the Way
When it comes to building quantum-resistant security strategies, most organizations are taking a cautious and pragmatic approach. Only 17% of survey respondents plan to rely solely on post-quantum cryptographic algorithms, while a significant 63% favor a hybrid model - combining classical and PQC algorithms. This strategy reflects ongoing uncertainty around PQC standards and is widely seen as the most practical path for a smooth and secure transition into the quantum era.
Want the Full Insights?
Explore the detailed findings in the 2025 Utimaco PQC Readiness Report.