Research & Data
The State of Post-Quantum Readiness in 2026: We Externally Scanned 100 Major Organizations
We externally scanned 100 major organizations' TLS in 2026: 100% of certificates use quantum-vulnerable RSA/ECC, and 6% still allow deprecated TLS.
The State of Post Quantum Readiness in 2026: We Externally Scanned 100 Major Organizations Every encrypted connection on the public web today depends on cryptography that a future quantum computer is expected to break. To see what that looks like in practice — not in theory — we ran CipherReady's external, metadata only readiness scan against the public facing TLS of 100 large organizations across five sectors in June 2026. The single clearest finding: of the 95 organizations presenting a readable certificate, 100% used quantum vulnerable public key cryptography (RSA or ECC). Not most. All of them. That is not an indictment of any one organization. It is the industry baseline — and it is exactly why building a cryptographic inventory is the first step every security team needs to take. How we measured this We assessed the apex domain of 100 well known organizations — 20 each in financial services, healthcare, government, technology/SaaS, and retail/consumer. The assessment is external and metadata only : the same kind of passive observation a web browser, a search engine crawler, or a tool like Qualys SSL Labs performs. We complete a TLS handshake to read the certificate and the supported protocol versions, resolve DNS, and read the public HTTP security headers. There is no authentication, no intrusive testing, and no exploitation of any kind. We report only aggregate, anonymized statistics — no individual organization is named or scored. Of the 100 domains, 96 were reachable over HTTPS and 95 presented a certificate we could read. The percentages below use those reachable/cert bearing hosts as the denominator. Want this picture for your own domains? Run a free CipherReady readiness scan and get a cryptographic inventory of your public TLS, certificates, and algorithms in about 3 minutes — the same external, metadata only method, on the domains you own. Finding 1: 100% of certificates rely on quantum vulnerable cryptography Across all 95 readable certificates, every single one used RSA or ECC — roughly 71% RSA and 29% ECC . Both are public key algorithms whose security rests on math (integer factorization for RSA, discrete logarithms for ECC) that Shor's algorithm solves efficiently on a cryptographically relevant quantum computer (CRQC) . Larger key sizes don't help: a 4096 bit RSA key buys a little time over 2048 bit, but it is the same broken by Shor's problem. This is the headline precisely because it is unanimous. The world's best resourced banks, hospitals, federal agencies, and technology companies are, today, 100% dependent on cryptography the post quantum standards are designed to replace. The destination is already defined: on August 13, 2024, NIST finalized FIPS 203 (ML KEM), 204 (ML DSA), and 205 (SLH DSA). The gap between that destination and the universal RSA/ECC reality above is the entire post quantum migration — and you can't plan a migration you can't measure. Finding 2: Modern TLS is winning — but deprecated protocols still linger The protocol picture is healthier. 98% of reachable hosts supported TLS 1.2 and 69% supported TLS 1.3 — modern, well regarded transport security. The concern is the tail: 6% still accepted deprecated TLS 1.0 or 1.1 , protocols the IETF formally deprecated in 2021 (RFC 8996). That number isn't zero, and it wasn't evenly distributed — healthcare was the weakest at 11% , while government domains came in at 0% . Deprecated TLS rarely shows up in a dashboard because the site still "works." It's e