Legacy PKI puts digital identities at risk
[Infographic: Where PKI leaders are investing next. Source: CyberArk.]
CyberArk, the global identity security provider, has released Trends in PKI Security: A Global Study of Trends, Challenges & Business Impact*. The research revealed that outdated public key infrastructure (PKI) systems are the leading barrier to secure certificate management, fuelling security exploits in 60% of organisations.
PKI is a system for creating and managing digital certificates that verify the identities of users and devices. Modern identity demands – driven by the rise of machine and workload identities across cloud native and Zero Trust environments – have resulted in unprecedented certificate growth and complexity.
While PKI remains essential for secure digital identity, legacy systems with fragmented approaches and manual, human-led processes can’t keep up with today’s certificate needs, the report found. Without a modern, automated approach, the gap between certificate demand and organisational capacity will only widen, leading to resource constraints and increased operational costs for organisations.
Some of the findings include:
- A third (34%) of organisations cited legacy PKI costs and risks as the top barrier to securing PKI.
- On average, organisations oversee more than 114,000 internal certificates but have only four full-time staff dedicated to PKI management.
- Six in 10 (63%) are forced to outsource PKI management due to resource and expertise shortages.
Manual tracking and renewal processes are both inefficient and potentially risky for organisations, causing costly service disruption and security exploits. Over half (56%) have suffered unplanned outages due to expired certificates or configuration errors:
- Six in 10 experienced security exploits as a result of weak cryptography.
- Nearly six in 10 (58%) suffered third-party certificate authority (CA) compromises.
- Four in 10 (43%) experienced server private key theft.
“The rapid expansion of machine identities has completely changed the PKI operating model. The complexity of managing an increasing number of certificates is compounded by legacy systems, manual processes and resource constraints,” said Kurt Sand, GM of Machine Identity Security at CyberArk.
“As certificate volumes grow and certificate lifespans continue to shrink, the financial and operational impact of unmanaged PKI will escalate rapidly. Now is the time for organisations to automate and modernise their PKI to reduce operational burdens and improve their overall security posture.”
The report found that overall confidence in compliance and security is low. Organisations investing in automation and unified visibility see reduced operational burdens, fewer outages and better levels of PKI compliance. Only 46% of organisations are highly confident that their PKI can meet compliance requirements, and under half (48%) are certain that their PKI is effective against cyberattacks or internal threats.
Organisations with high confidence in their PKI compliance are more likely to have unified visibility into their certificate inventory (75% vs 47% overall). Most (61%) of these organisations have adopted AI as part of their PKI strategy, against 50% of the overall sample.
“PKI is critically important to ensuring trust, security and privacy in digital communications. However, as shown in the research, organisations lack confidence in the ability of PKI to protect against security threats and keep up with their growing devices and workload demand,” said Dr Larry Ponemon, Chairman and founder of Ponemon Institute.
“To increase PKI’s effectiveness, I believe more companies will be adopting AI to reduce operational burdens and have stronger security outcomes.”
Explore:
To download the full report and access additional study findings, visit https://www.cyberark.com/resources/analyst-reports/ponemon-institute-trends-in-pki-security-a-global-study-of-trends-challenges-business-impact
*Conducted by Ponemon Institute, an independent research firm, the CyberArk-commissioned research analyses perspectives from nearly 2,000 IT and security practitioners globally on the state of PKI security.
