The report highlights a widening gap between perceived PKI security effectiveness and regulatory readiness, fueling security exploits in 60% of organisations.

CyberArk, an identity security company, announced the findings of a new report, Trends in PKI Security: A Global Study of Trends, Challenges & Business Impact. Conducted by Ponemon Institute, an independent research firm, the CyberArk-commissioned research analyses perspectives from nearly 2,000 IT and security practitioners globally on the state of public key infrastructure (PKI) security. The findings reveal that outdated PKI systems are a leading barrier to secure certificate management globally.
While organisations in APAC express higher confidence than their global peers in PKI’s ability to defend against external and insider threats, only 45% say they are highly confident their PKI environments can meet compliance requirements.
The findings also point to persistent operational risks: more than half of APAC organisations have experienced unplanned outages caused by configuration errors, and nearly half have been affected by expired certificates, underscoring ongoing challenges around visibility and control. The findings come as PKI environments grow increasingly complex. PKI is a system for creating and managing digital certificates that verify the identities of users and devices.
The following are the report highlights:
Legacy PKI systems and rapid certificate growth are major hidden cost drivers for organisations in APAC. While PKI remains critical to digital identity security, fragmented legacy environments and manual processes are struggling to keep pace with rising certificate volumes, widening the gap between demand and organisational capacity.
In APAC, the biggest barriers to secure PKI are the lack of centralised visibility into certificates (39%) and security, compliance and audit failures (38%). On average, organisations manage over 105,000 internal certificates with just three full-time PKI staff, prompting 60% to outsource or plan to outsource PKI management to managed security service providers.
Manual processes continue to amplify operational and security risks. Nearly a third of APAC organisations still rely on manual certificate tracking, with 59% unable to respond effectively to a certificate authority compromise. More than half have experienced unplanned outages due to configuration errors, while nearly half cite expired certificates and skills shortages as key causes of disruption.
The study also finds that automation and unified visibility significantly improve PKI outcomes. However, confidence remains low, with only 45% of APAC respondents highly confident in meeting compliance requirements and fewer than half confident in PKI’s effectiveness against cyber threats. Organisations that invest in modern, automated PKI platforms report fewer outages, lower operational burdens and stronger security and compliance postures.
“PKI plays a vital role in establishing trust, security and privacy in digital communications, but the research shows organisations lack confidence in its ability to defend against evolving threats and support growing device and workload demands,” said Dr Larry Ponemon, Chairman and Founder of the Ponemon Institute.
