96 percent of organizations worry about the impact of shorter certificate life


The radical shortening of SSL/TLS certificate lifespans from 398 days to 47 days by 2029 is shaking up the cybersecurity world. New research shows 96 percent of organizations are concerned about the impact of shorter SSL/TLS certificate lifespans on their business.
The study from Sectigo, developed in collaboration with global research firm Omdia, surveyed over 270 IT decision makers and finds fewer than one in five organizations feel very prepared to support the coming shift to 47-day certificate renewal cycles.
Only five percent have fully automated certificate management, leaving a staggering 95 percent who remain at least partially dependent on manual processes, dramatically increasing operational and disruption risk as renewal frequencies accelerate.
At the same time, just 28 percent have a complete certificate inventory, and only 13 percent are extremely confident they are tracking all certificates, including rogue ones.
“SSL/TLS public certificates and their underlying cryptography have been remarkably stable for 30 years, acting as an invisible component of IT infrastructure, but that era is over,” says Tim Callan, chief compliance officer at Sectigo. “Today, certificates are front and center in the fight to secure our digital future. Building certificate agility now is the fastest path to achieving the crypto agility required for post-quantum cryptography readiness later.”
What’s also significant is that 90 percent of organizations recognize an overlap between their preparedness efforts for short-lived certificates and post-quantum cryptography readiness, with the transition to 47-day certificates serving as an essential onramp to PQC adoption. Yet overall organizational readiness for either remains critically low.
The research finds 98 percent of organizations have experienced or expect to experience challenges with PQC implementation, and 92 percent expect to encounter some sort of barrier during PQC implementation. Only 14 percent have conducted a full assessment of quantum-vulnerable systems.
"The data underscores a critical inflection point for enterprises," says Rik Turner, chief analyst, cybersecurity, at Omdia. "Managing shorter certificate lifecycles cannot be treated as a separate IT task; it is central to building crypto agility necessary for the PQC transition. The coming years will test organizations' ability to adapt their cryptographic infrastructure at scale under pressure, and those who fail to prepare now face heightened operational and cybersecurity risk."
You can get the full report from the Sectigo site.