Public key infrastructure (PKI) certificates may be invisible to most, but they form the backbone of digital trust by authenticating users, devices, and applications that power the digital economy.
Yet as organisations expand their digital footprint, the volume and complexity of certificates are overwhelming outdated management methods.
According to DigiCert’s Trust Pulse Survey, 45% of enterprises reported service outages tied to certificate-related issues over the past year, with 38% citing expired certificates as the direct cause.
The financial and operational fallout is significant. Nearly a third of organisations (31%) suffered losses between US$50,000 ($64,000) and US$250,000, while 19% incurred damages exceeding $250,000. More than half endured between five and 24 hours of downtime, while 16% reported outages stretching beyond 25 hours.
Despite the critical role certificates play in securing infrastructure, communications, and identity, many firms still manage them manually or with siloed tools, putting compliance and customer trust at risk.
Rules — such as the Payment Card Industry Data Security Standard (PCI DSS) and the upcoming Certification Authority Browser Forum (CA/B Forum) changes – also demand tighter certificate governance. Moreover, major web browsers will enforce 47-day certificate lifespans by 2029, adding pressure to already stretched IT teams.
See also: How GoTo builds a foundation for AI with Alibaba Cloud
These challenges will intensify, with 80% of organisations expecting certificate volumes to increase in the next 12 months. While most respondents manage between 1,000 and 10,000 certificates, 57% lack confidence in tracking expiration dates accurately.
The good news is that to address the mounting risk, 51% of respondents identified automated certificate lifecycle management as a top strategic priority for 2025, followed by IoT certificate standardisation (50%).
“The survey findings make one thing clear: manual approaches can’t keep up with the scale, speed, and scrutiny organisations are under today. Enterprises need automation and visibility to reduce risk, maintain compliance, and preserve customer trust. Certificate management is no longer a tactical task—it’s a strategic necessity worthy of the same maturity and governance as other foundational disciplines like identity management,” says Ashley Stevenson, vice president of Product and Solutions Marketing at DigiCert.
