DigiCert warns on certificate sprawl & outage risk
Wed, 3rd Jun 2026
DigiCert has published research showing that only 34% of organisations have a complete, up-to-date view of their digital certificates. The survey points to widespread concern about outages caused by expired certificates.
The study, conducted by Omdia on behalf of DigiCert, surveyed more than 400 senior IT and technology leaders from organisations with more than 1,000 employees across North America, Europe and Asia Pacific. It found that nearly three-quarters were very or extremely concerned about outages linked to expired certificates, while 74% expressed the same level of concern about certificate sprawl.
Digital certificates sit at the heart of public key infrastructure, which organisations use to authenticate systems, secure communications and manage machine identities. The findings suggest many large organisations are struggling to keep track of these assets as digital environments become more distributed and certificate volumes rise.
Lack of visibility emerged as the most commonly cited problem. Only about a third of respondents said they had a full, current view of their certificates, leaving most without a central picture of an area that affects both security and operational continuity.
The report also highlighted weaknesses in how many organisations manage certificate estates. Alongside poor visibility, 51% identified siloed tools as a major challenge, while 47% said they still rely on manual tracking methods such as spreadsheets.
Modernisation push
Against that backdrop, PKI modernisation is moving higher up technology agendas. About 80% of respondents said their organisations were either implementing modernisation programmes or planning them, and more than half expected PKI investment to increase over the next one to three years.
Centralised management featured strongly in the responses, with 76% saying it was business-critical or highly important. The emphasis reflects pressure on technology teams to reduce the risk of service disruption while handling growing numbers of certificates and machine identities.
Organisations are also facing tighter operational conditions as certificate lifespans shrink and infrastructure changes more quickly. Those shifts make manual approaches harder to sustain, especially in large businesses with complex technology estates spanning cloud, on-premises and connected environments.
The research suggests organisations already pursuing modernisation are seeing some operational gains. Among respondents, 64% said they had improved certificate lifecycle automation, while 60% reported fewer outages.
That points to a practical business case for moving away from fragmented, manual management methods. Outages caused by expired certificates can disrupt websites, applications and internal systems, creating both reputational and financial risk for large organisations.
Broader security role
The survey also found that PKI is being applied to a wider range of technology issues beyond traditional certificate management. Roughly 72% to 75% of respondents said PKI would play a key role in securing artificial intelligence systems, reflecting growing interest in how trust and authentication tools can be used in emerging digital environments.
At the same time, preparation for longer-term cryptographic change appears limited. Only 22% of respondents said they had fully assessed their systems for future cryptographic risks, suggesting quantum readiness remains at an early stage for most organisations in the survey.
That gap matters because businesses are being asked to manage immediate operational risks, such as outages and sprawl, while also planning for more fundamental shifts in encryption standards. The combination is adding to the strain on teams responsible for trust infrastructure.
Lakshmi Hanspal, Chief Trust Officer at DigiCert, said the survey showed many organisations had reached the limits of manual processes. "Organisations are reaching a tipping point," Hanspal said. "Certificate sprawl, shrinking certificate lifespans, and growing machine identity complexity have pushed manual PKI management past its limits. Most technology leaders know modernisation is necessary to strengthen resilience, but many are still closing the gap on visibility and automation. The shift that needs to happen is clear: centralised platforms that unify policy, automation, and oversight are becoming the foundation for preventing outages and managing trust at scale."