Forescout Data: PQC Adoption Growing Fast, but 90% of Systems Still Exposed
June 24, 2026 — Forescout Research – Vedere Labs published its latest PQC adoption analysis, drawing on internet-wide scans of over 160 million SSH hosts and enterprise network telemetry from the company’s Device Cloud. The findings: PQC-capable SSH servers grew 72% year over year, from 11.5 million to over 19 million, but still account for only 11.8% of all SSH servers on the internet. Nearly 90% remain without post-quantum key exchange support.
The research tracks adoption across two protocols, SSH and TLS, using Censys and Shodan for internet-scale data and Forescout’s own enterprise device telemetry for organizational networks.
On the SSH side, the 11 most popular key exchange algorithms across those 160 million hosts are all classical Diffie-Hellman or ECDH variants — all vulnerable to Shor’s algorithm. The most widely deployed PQC key exchange algorithm is SNTRUP (the default in OpenSSH versions 9.0 through 9.9), running on approximately 13.7 million hosts (8.5%). ML-KEM (the default since OpenSSH 10) is gaining rapidly, with mlkem768x25519-sha256 growing 184% since August 2025, but it currently runs on roughly 1.8 million hosts (1.1%).
The growth is driven almost entirely by OpenSSH version upgrades. Legacy OpenSSH versions (7.0 through 8.9) declined from 75% to 60% of identified servers over the past year, while PQC-capable versions (9.x and 10.x) rose from 21% to 37%. OpenSSH runs on over 80% of identified SSH servers, so its version distribution largely determines the internet’s PQC posture.
Enterprise Device Breakdown: The OT and Medical Device Gap
The enterprise data tells a more granular story. Using Forescout’s Device Cloud, the research team broke down PQC-capable OpenSSH adoption by device type. IT devices lead at 50%. IoT drops to 28%. OT falls to 16%. Internet of Medical Things (IoMT) devices sit at just 6%.
Every device category showed growth between August 2025 and April 2026. IoMT had the fastest growth rate but remains the furthest behind in absolute adoption. Forescout’s assessment: at the current pace, no asset class is likely to be fully migrated by 2029.
On the TLS side, TLSv1.3 — the only TLS version positioned to support PQC — grew from 19% to 30% of identified internet servers, overtaking TLSv1.1 to become the second most popular version behind TLSv1.2 (which held steady at 43%). Within enterprise networks, PQC-capable TLS adoption mirrors the SSH pattern: 8% for IT devices, 5.6% for IoT and IoMT, and 0.8% for OT.
Forescout combined these adoption figures with its risk scoring methodology and found that two-thirds of OT devices and nearly half of IoT devices in enterprise networks carry both critical risk scores and no PQC capability on TLS.
The report references an April 2026 MITRE discussion paper on cybersecurity risks for medical devices, which identified three interconnected challenges for PQC migration in medical equipment: higher memory and computation costs, interoperability with legacy devices, and extended transition timelines driven by safety certification requirements and long device lifespans. CISA published similar analysis for OT environments in October 2024.
Alongside the research, Forescout announced PQC Readiness and Encryption Hygiene Dashboards, built on patented technology for detecting non-quantum-safe encryption across IT, OT, and IoT environments. The dashboards visualize which devices in an organization’s network support PQC and which carry the highest risk exposure.
My Analysis
This is among the best empirical PQC adoption data publicly available, and the findings are sobering, though not for the reasons the headline suggests.
The 90% figure is technically accurate but somewhat misleading as a measure of migration progress. The SSH servers that have adopted PQC mostly did so passively: their administrators updated OpenSSH through routine package management, and the newer versions shipped with PQC key exchange enabled by default. Nobody had to make a conscious decision to “migrate to PQC” — they just kept their SSH software current, and PQC came along for free. That’s the same dynamic I analyzed when OpenSSL 3.5 shipped PQC by default in April 2025, and it tells us something important: the easiest PQC migration will happen automatically through software update cycles on managed IT systems that were already being maintained.
The concerning part of this report is everything that falls outside that automatic upgrade path.
The device-type breakdown is where the real migration challenge comes into focus. IT devices at 50% PQC SSH capability versus IoMT at 6% is a gap that routine software updates will not close. Medical devices run on embedded systems with vendor-controlled firmware, regulatory approval cycles measured in years, and operational lifetimes that can span decades. OT environments face similar constraints: proprietary protocols, safety certification requirements, and change windows governed by production schedules rather than patch cycles. I covered these OT and IoT-specific challenges in detail in my analysis of PQC network connectivity impacts, and in Chapter 17 of Quantum Ready, where I walk through the vendor dependency problem that makes these devices so difficult to migrate. The vendor won’t ship PQC firmware until it’s ready. The organization can’t migrate until the vendor ships. And the vendor has limited incentive to rush because its installed base is locked in.
That last-mile problem matters more now than it did a year ago. In the week before Forescout published this data, President Trump signed Executive Order 14413, setting hard 2030 and 2031 deadlines for federal PQC migration. The Department of War’s PQC Strategy, published the same week, reinforces those dates. CNSA 2.0 requires exclusive PQC use for networking equipment by 2030. NIST IR 8547 proposes deprecating 112-bit classical algorithms the same year. The UK NCSC’s roadmap targets 2028, 2031, and 2035 milestones. The EU’s Coordinated Implementation Roadmap expects high-risk systems migrated by 2030.
These deadlines are approaching regardless of the actual Q-Day timeline. As I’ve argued repeatedly, the reason to act now is not Q-Day predictions — it’s the ecosystem-driven deadlines that regulators, insurers, investors, and customers are already enforcing. Forescout’s data gives those arguments empirical teeth: if 94% of medical devices and 84% of OT devices lack PQC-capable SSH today, and MITRE is warning that medical device PQC migration requires close manufacturer-operator collaboration with extended timelines, the math on meeting 2030 deadlines for these asset classes is grim.
Forescout’s recommendation to use Secure Remote Access gateways as a bridge for devices that can’t be upgraded is pragmatic, and it’s the same principle behind the bridge patterns I describe in the PQC Migration Framework: when an endpoint can’t do PQC, push the quantum-safe termination to the nearest upgradeable choke point and restrict the exposure of the unprotected link. It is a mitigation, not a solution, and it leaves the Harvest Now, Decrypt Later (HNDL) risk partially unresolved for any data that transits the unprotected segment. But for OT and IoMT devices that won’t see PQC firmware for years, it may be the only viable near-term option.
A disclosure worth noting: Forescout published this research alongside the launch of its PQC Readiness Dashboard product. The data is methodologically sound — Censys and Shodan scans are independently verifiable, and the enterprise telemetry comes from a large device fleet — but the research also serves the commercial purpose of demonstrating why organizations need the very product Forescout is selling. That’s standard practice for vendor-funded security research, and the data doesn’t appear to be skewed by the commercial interest, but readers should be aware of the context.
The bottom line for organizations running PQC migration programs: the IT layer will mostly take care of itself through software update cycles. The migration battle is in OT, IoT, and medical devices, where every percentage point of adoption requires deliberate vendor engagement, firmware qualification, and operational planning. If your cryptographic inventory doesn’t break down PQC readiness by device type the way Forescout’s data does, you’re measuring the easy part and ignoring the hard part.
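An added example, not taken from Forescout's report or tooling: a per-device-type readiness tally built from the key exchange names each SSH server actually offers, which also flags hosts whose OpenSSH version is PQC-capable (9.x or 10.x) but whose configuration offers no PQC key exchange. The inventory rows, function names and status labels are constructed for illustration; the algorithm names are the hybrid key exchange identifiers OpenSSH ships.

```python
import re
from collections import defaultdict

# Hybrid post-quantum KEX names shipped by OpenSSH (SNTRUP and ML-KEM variants).
# Assumption: other SSH stacks may use different names; extend the set as needed.
PQC_KEX = {
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
    "mlkem768x25519-sha256",
}

# Constructed sample inventory: (device_type, SSH banner, offered kex_algorithms).
SAMPLE_INVENTORY = [
    ("IT",   "SSH-2.0-OpenSSH_10.0", "mlkem768x25519-sha256,sntrup761x25519-sha512,curve25519-sha256"),
    ("IT",   "SSH-2.0-OpenSSH_9.6",  "curve25519-sha256,ecdh-sha2-nistp256"),  # PQC KEX removed by config
    ("IoT",  "SSH-2.0-OpenSSH_9.2",  "sntrup761x25519-sha512@openssh.com,curve25519-sha256"),
    ("IoT",  "SSH-2.0-dropbear_2020.81", "curve25519-sha256,diffie-hellman-group14-sha256"),
    ("OT",   "SSH-2.0-OpenSSH_7.4",  "ecdh-sha2-nistp256,diffie-hellman-group14-sha1"),
    ("IoMT", "SSH-2.0-OpenSSH_8.2",  "curve25519-sha256,diffie-hellman-group-exchange-sha256"),
]

def openssh_major(banner):
    """Return the OpenSSH major version from a banner, or None for other servers."""
    m = re.match(r"SSH-2\.0-OpenSSH_(\d+)\.", banner)
    return int(m.group(1)) if m else None

def classify(banner, kex_list):
    """Classify one host from what it offers on the wire, not only its version."""
    offered = {k.strip() for k in kex_list.split(",") if k.strip()}
    if offered & PQC_KEX:
        return "pqc"
    major = openssh_major(banner)
    # Version is PQC-capable (9.x/10.x) but no PQC KEX is offered: a config gap.
    if major is not None and major >= 9:
        return "capable-but-disabled"
    return "classical-only"

def readiness_by_device_type(inventory):
    """Return {device_type: {status: count}} for the whole inventory."""
    report = defaultdict(lambda: defaultdict(int))
    for device_type, banner, kex_list in inventory:
        report[device_type][classify(banner, kex_list)] += 1
    return {t: dict(c) for t, c in report.items()}

if __name__ == "__main__":
    for dtype, counts in readiness_by_device_type(SAMPLE_INVENTORY).items():
        print(f"{dtype:5} {counts}")
```

The "capable-but-disabled" bucket is the one a version-only count misses: those hosts can be fixed with a configuration change, while "classical-only" devices need a software or firmware upgrade.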