TL;DR: Only 34% of organisations report complete certificate visibility, while 74% are highly concerned about certificate sprawl and nearly three-quarters fear outages from expired certificates, according to DigiCert’s 2026 Global PKI Research Report. Manual PKI management is no longer sustainable when machine identities multiply faster than teams can inventory, review, and automate them.
NHIMG editorial — based on content published by DigiCert: DigiCert Research Reveals Major Certificate Visibility Blind Spot for Enterprises
By the numbers:
- Only 34% of organizations report a complete and current view of their digital certificates.
- 74% report the same level of concern about certificate sprawl.
Questions worth separating out
Q: How should security teams govern certificate visibility across distributed environments?
A: Security teams should govern certificates as lifecycle-managed identity objects, not as isolated infrastructure assets.
Q: Why does certificate sprawl increase operational risk?
A: Certificate sprawl increases risk because every additional certificate adds another trust object that can expire, duplicate, or go unowned.
Q: How do organisations know whether certificate lifecycle automation is working?
A: Automation is working when renewals, replacements, and revocations happen without recurring manual intervention or last-minute firefighting.
Practitioner guidance
- Build a single certificate inventory Map every certificate to a system owner, workload owner, expiry date, renewal method, and revocation path.
- Replace spreadsheet tracking with lifecycle automation Automate discovery, renewal, and revocation workflows for certificates that support production services.
- Review certificate sprawl as an identity risk metric Track certificate counts, orphaned certificates, renewal failures, and manual exceptions in the same governance cadence used for NHI and privileged access reviews.
What's in the full report
DigiCert's full report covers the operational detail this post intentionally leaves for the source:
- Survey methodology from Omdia and the respondent profile across regions and industries
- Breakdowns of how organisations are prioritising PKI modernization and certificate lifecycle automation
- Findings on outage concerns, certificate sprawl, and quantum readiness that support board-level reporting
- The report's additional detail on AI and machine identity use cases that extend beyond this summary
👉 Read DigiCert's report on certificate visibility and PKI modernization →
Certificate visibility blind spots: is your PKI ready for AI and outages?
Explore further
Certificate visibility blind spots are now a machine identity governance failure, not a PKI side issue. The article shows that most organisations still cannot maintain a complete and current certificate view, which means ownership, expiry, and dependency data are incomplete at the point of decision. That is a governance failure because certificates are credentials, and credentials without lifecycle visibility are unmanaged trust. Practitioners should treat this as a machine identity control problem.
A few things that frame the scale:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to the 2026 Infrastructure Identity Survey.
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, according to the 2026 Infrastructure Identity Survey.
A question worth separating out:
Q: Which governance frameworks apply to certificate visibility and PKI modernization?
A: NIST Cybersecurity Framework 2.0 is relevant because certificate visibility supports identity, protection, and response functions. Organisations should also align certificate governance with machine identity lifecycle controls so inventory, renewal, and revocation are treated as repeatable controls rather than ad hoc tasks.
👉 Read our full editorial: Certificate visibility blind spots are slowing PKI modernization