Legacy PKI blamed for outages & rising security risk
CyberArk has published new survey findings that link legacy public key infrastructure systems and manual certificate management to service disruptions and security incidents across organisations worldwide.
The research, conducted by Ponemon Institute, draws on responses from nearly 2,000 IT and security practitioners globally. It examines how organisations manage digital certificates and the operational impact when certificate processes fail.
Public key infrastructure, or PKI, underpins the certificate-based authentication used across users, devices and applications. The study points to sharp growth in machine and workload identities as a major driver of certificate volume and complexity, and cites cloud-native and zero-trust environments as the areas where organisations see certificate demand rising fastest.
Legacy pressure
The findings suggest many organisations still run PKI in ways that struggle with scale. Respondents highlighted legacy tooling, fragmented management and human-led processes. The report says these factors slow certificate lifecycle work such as issuance, tracking and renewal.
According to the survey, 34% of organisations cited legacy PKI costs and risks as the top barrier to secure PKI. On average, respondents said their organisations oversee more than 114,000 internal certificates. They also reported a mean of four full-time staff dedicated to PKI management.
The study also indicates a reliance on external support for PKI operations. It found that 63% of organisations outsource PKI management due to resource and expertise shortages.
Outages and incidents
The report links manual processes to operational disruption. It found that 56% of organisations suffered unplanned outages due to expired certificates or configuration errors.
The survey also describes security impacts tied to cryptography weaknesses and key handling. It found that 60% of organisations experienced security exploits as a result of weak cryptography. It also reported that 58% suffered third-party certificate authority compromises, while 43% experienced server private key theft.
CyberArk said outdated PKI systems represent a barrier to secure certificate management. It stated that these systems contribute to exploit activity in 60% of organisations.
"The rapid expansion of machine identities has completely changed the PKI operating model. The complexity of managing an increasing number of certificates is compounded by legacy systems, manual processes and resource constraints," said Kurt Sand, GM of Machine Identity Security, CyberArk.
Sand also pointed to operational consequences from shifting certificate practices. "As certificate volumes grow and certificate lifespans continue to shrink, the financial and operational impact of unmanaged PKI will escalate rapidly. Now is the time for organizations to automate and modernize their PKI to reduce operational burdens and improve their overall security posture," said Sand.
Confidence gap
The research also explores confidence levels in PKI compliance and security. It found that only 46% of organisations are highly confident that their PKI can meet compliance requirements. Fewer than half (48%) said they are certain their PKI is effective against cyberattacks or internal threats.
The report draws a connection between confidence and visibility into certificate inventory. It found that organisations with high confidence in their PKI compliance are more likely to have unified visibility into their certificate inventory, at 75% compared with 47% overall.
The study also asked organisations about AI use in PKI-related strategies. It found that 61% of organisations with high confidence in PKI compliance have adopted AI as part of their PKI strategy, compared with 50% of the overall sample.
Ponemon Institute, which conducted the research, specialises in security and privacy research.
"PKI is critically important to ensuring trust, security and privacy in digital communications. However, as shown in the research, organizations lack confidence in the ability of PKI to protect against security threats and keep up with their growing devices and workload demand," said Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute. "To increase PKI's effectiveness, I believe more companies will be adopting AI to reduce operational burdens and have stronger security outcomes," said Ponemon.
CyberArk said organisations that invest in automation and unified visibility report fewer outages and improved PKI compliance. The company said certificate volumes continue to rise as more machine identities enter production environments.