• Certificate lifespans are shrinking from 398 days today to just 47 days by 2029
• Transitioning to automated renewals will dramatically decrease labor costs
• CyberArk’s new tools help organizations understand exposure and calculate renewal impact in seconds

CyberArk (NASDAQ: CYBR), the global leader in identity security, today announced the TLS Certificate Renewal Impact Calculator alongside its TLS Certificate Discovery Scan to help IT and security leaders prepare for the upcoming reduction in Transport Layer Security (TLS) certificate lifespans — from 398 days to 200 by March 2026, and down to just 47 days by 2029. These interactive tools help organizations understand their certificate exposure and quantify the operational and financial impact of shorter certificate lifespans.

“Shorter certificate lifespans are more than a compliance shift — they are a business risk,” said Kurt Sand, General Manager of Machine Identity Security at CyberArk. “Organizations will face a surge in renewals that manual processes simply cannot keep up with. The result is higher costs, operational strain, and potential system outages that can result in financial and reputational impact. Our new tools make it simple for security leaders to understand their exposure and build a strong case for automation before disruptions occur.”

Rising Costs and Outages from Frequent Certificate Renewals

The CA/Browser Forum's phased mandate to reduce public TLS certificate validity will require organizations to renew at least eight times per year — and likely monthly. For those relying on manual processes, the impact is dramatic: a company managing 500 certificates today spends about 2,000 labor hours annually but, by 2029, that figure could soar to over 24,000 hours — the equivalent of expanding a two-person team to 24 just to keep up. This surge in renewals also increases vulnerability to costly outages. CyberArk research shows 72% of security leaders experienced at least one certificate-related outage in the past year, with 67% facing outages monthly and 45% weekly. As renewal frequency rises, so too will outage-related costs.

CyberArk’s new certificate calculator and scanning tools help organizations:

• Understand their exposure: Visualize how the shift to 47-day certificate lifespans will affect renewal volumes and labor needs.
• Make informed decisions: Quantify operational costs and the ROI of automation to build a business case for modernization.
• Stay ahead of the change: Use CyberArk guidance to proactively transition to automated certificate lifecycle management, reducing outages, saving time and improving resilience.

The new tools are part of CyberArk's broader effort to educate the market on certificate management capabilities within the CyberArk Identity Security Platform, which delivers the most comprehensive set of capabilities in the market to help ensure that every identity has the right level of dynamic privilege controls when accessing resources across a multi-cloud environment.

• Organizations can access the TLS Certificate Renewal Impact Calculator today and begin preparing for the 47-day reality here.
• Find which public-facing certificates are expired, expiring soon, misconfigured, or non-compliant using the TLS Certificate Discovery Scan here.

About CyberArk

CyberArk (NASDAQ: CYBR) is the global leader in identity security, trusted by organizations around the world to secure human and machine identities in the modern enterprise. CyberArk’s AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organizations can reduce operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers and machines, to securely access any resource, located anywhere, from everywhere. Learn more at cyberark.com.

Copyright © 2025 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

View source version on businesswire.com: https://www.businesswire.com/news/home/20251119829893/en/

CyberArk research shows 72% of security leaders experienced at least one certificate-related outage in the past year, with 67% facing outages monthly and 45% weekly. As renewal frequency rises, so too will outage-related costs.