![[Webinar Recap] Is B2B ready for synthetic sample? Yes – if you know how to augment it](https://www.newtonx.com/wp-content/uploads/2024/10/Webinar-synthetic-sample-greenbook-1024-1920px-feature-image-1-300x169.jpg)
![[Webinar Recap] The future of B2B research starts with the death of panels](https://www.newtonx.com/wp-content/uploads/2024/07/TKH-8.22-Karine-Pepin-webinar-1920px-feature-image-300x169.jpg)
![[Webinar Recap] Ditch the Bad Data with Greenbook’s Lenny Murphy as Your Guide](https://www.newtonx.com/wp-content/uploads/2024/05/tkh-greenbook-newtonx-lenny-murphy-cutting-research-cost-speakers-v-21920px-feature-image-300x169.jpg)
The clock on digital certificate management is running out. HID wanted to know if anyone was watching it
By 2029, TLS/SSL certificate lifespans will shrink from 398 days to just 47. HID partnered with NewtonX to find out how ready the industry actually was—and they discovered an infrastructure gap most organizations haven't priced in.
A quiet crisis in public key infrastructure (PKI)
Digital certificates are what make secure communication on the internet possible. They encrypt data so that information sent between systems—like websites, apps, and connected devices—cannot be read or altered by outsiders. For years, this encryption has quietly done its job in the background. Certificates lasted a long time, renewals were infrequent, and many organizations managed them manually without serious risk.
That simplicity is coming to an end.
To stay ahead of future quantum computers that could break today’s encryption, regulators and industry bodies are dramatically shortening how long certificates can be trusted. TLS/SSL certificates that once lasted just over a year will be valid for only weeks by 2029. What used to be an occasional upkeep task is becoming a continuous requirement—making manual handling impractical and putting secure communication at risk for organizations that don’t modernize.
For more than 30 years, HID has built the infrastructure that keeps digital identities secure. They saw this coming. But they needed evidence—a snapshot of where IT and security leaders actually stood, and what barriers would determine who navigated the shift and who got caught flat-footed.
Finding the people who live the problem
For a PKI study this ambitious, the findings only matter if the people behind them have real authority over real infrastructure.
NewtonX recruited 303 verified cross-industry IT and security leaders—CIOs, CISOs, CTOs, VPs, and security directors—distributed across the US and Europe. The seniority mix was intentional, as PKI decisions don’t live in one layer of an organization, and neither do the gaps the research was designed to expose. And the US and Europe distribution added another dimension: With regulatory timelines for certificate lifespan changes playing out differently across regions, the geographic spread gave the benchmark genuine cross-market relevance.
What the data found—and what it means for the next three years
Most organizations are still renewing certificates manually, and 52% of IT and security leaders cite it as their biggest barrier to effective management. The cost of that gap is measurable and significant: Organizations without automated renewal are 3.5 times more likely to experience frequent PKI-related incidents.
What 303 IT and security leaders revealed:
- 3.5x: How much more likely organizations without automation are to experience frequent PKI-related incidents
- Once per quarter: the new industry benchmark for certificate-related incidents
- 16% vs. 12%: More organizations are issuing certificates for AI agents than running post-quantum cryptography (PQC) pilots
- 2.5x: How much more likely organizations using a unified certificate lifecycle management (CLM) platform are to report zero incidents
- 61%: Share of leaders planning to invest in automation within 24 months
The emerging technology findings subverted conventional wisdom. The industry has talked about PQC as the next frontier, but more organizations are already issuing certificates for AI agents than running PQC pilots. Agentic identity is being secured before quantum resistance is being built. That’s a sequencing gap worth keeping an eye on.
The infrastructure picture is equally complicated: 76% of organizations have moved some components to the cloud, yet 67% of large enterprises still prefer hybrid deployments. The migration isn’t clean or complete, yet many vendors are selling like it is.
Furthermore, 61% of leaders plan to invest in automation within 24 months. The market is moving. The question is who leads it.
Building the roadmap an industry needed
The landmark study, PKI in the Age of AI and Automation: The Top Trends Driving Digital Trust, gave HID something most solution providers can’t claim: a data-backed case for why the decisions organizations make in the next two years will determine their resilience for the rest of the decade. The finding that organizations using a single, unified CLM platform are 2.5 times more likely to report zero incidents doesn’t just support HID’s value to customers—it reframes the conversation from focusing on features to focusing on outcomes.
Security leaders finally had a clear benchmark for where they needed to go. Industry response was immediate. Security Info Watch highlighted the report’s timeliness, noting it pointed to “a growing need for scalable, integrated solutions as certificate lifespans shrink.” rAVe Publications zeroed in on the AI agent findings—the revelation that 34% of organizations already cite AI agent certificates as a top trend—as evidence that the PKI community is adapting to AI-driven trust requirements well ahead of formal standards.