New research commissioned by DigiCert has found that only 34% of organisations say they have a complete and current view of their digital certificates, despite widespread concern about outages caused by expired certificates.
The findings are detailed in DigiCert’s 2026 Global PKI Research Report, ‘PKI Under Pressure: The Tipping Point for Modernisation’. The study, conducted by research firm Omdia, surveyed more than 400 senior IT and technology leaders across North America, Europe and Asia Pacific at organisations with more than 1,000 employees.
According to the report, nearly three-quarters of respondents said they were very or extremely concerned about outages caused by expired certificates. A similar proportion (74%) reported high concern about certificate sprawl. The report links these concerns to growing volumes of certificates and machine identities, alongside shorter certificate lifespans and increasingly distributed digital infrastructure.
The report also indicates that about 80% of organisations are either implementing or planning public key infrastructure (PKI) modernisation initiatives, and more than half expect PKI investment to increase over the next one to three years.
“Organisations are reaching a tipping point,” said Lakshmi Hanspal, Chief Trust Officer at DigiCert. “Certificate sprawl, shrinking certificate lifespans, and growing machine identity complexity have pushed manual PKI management past its limits. Most technology leaders know modernisation is necessary to strengthen resilience, but many are still closing the gap on visibility and automation. The shift that needs to happen is clear, centralised platforms that unify policy, automation, and oversight are becoming the foundation for preventing outages and managing trust at scale.”
Other findings cited in the report include:
- 76% of organisations said centralised management is business critical or highly important
- Lack of visibility was identified as the top challenge, followed by siloed solutions (51%) and manual tracking methods such as spreadsheets (47%)
- 64% reported improved certificate lifecycle automation and 60% reported fewer outages as a result of modernisation
- Around 72% to 75% said PKI will play a key role in securing artificial intelligence systems
- 22% said they had fully assessed systems for future cryptographic risks linked to quantum computing
The report adds to ongoing industry discussion about operational risk created by unmanaged certificates and machine identities, particularly as organisations expand cloud services, automation, and software-driven infrastructure. In security terms, gaps in certificate visibility can contribute to outages and complicate incident response by obscuring where cryptographic identities are deployed and how they are governed.
You can read the full report here.
