The answer to this question depends on many factors including the complexity of the protocol, the number of computers that are in the system, the number of users in the system, the number of network attached devices in the system, where the network attached devices are physically deployed, who owns the networked attached devices, the potential losses from down time during upgrade, the risks of internal security failure during an upgrade, and so on.

At one extreme small groups of individuals or computers may be able to rapidly achieve a higher level of security using systems based around the Synaptic Group Key Exchange or Enterprise Key Exchange technologies. Synaptic is planning the deployment of a instant messaging system that should enable basic communications (voice, file transfer, etc) to be established rapidly between small groups.

At the other extreme the communications protocols between devices, readers, and back-office servers may need to be significantly revised to achieve the necessary level of security in a manner that is cost-effective over the life-cycle of the system.  For example, EMVco is considering making a protocol change to the Eurocard-MasterCard-Visa banking system.  EMVco advises that "it will take 12 to 15 years for the infrastructure to be migrated in support of the new technique, which is why we are now conducting a review of various options.".  Synaptic Labs' security ecosystem is designed explicitly to address secure RFID credit and debit card transactions in a way that can be cost effectively deployed on current smart cards, achieves 100 year security and maintains the privacy of card holders from third parties.

An example of upgrading a large number of devices in the field is the $1.5 billion Cryptographic Modernization Initiative in the US Department of Defense. This project aims to strengthen security by deploying ECC, a public key technology that is not post quantum secure, in only 1.3 million existing pieces of equipment over the next 10 years.

Business now relies on information infrastructures that are interlinked and interdependent. We need to understand how to predict and mitigate these risks with a view to aid reaction and recovery within these infrastructures.
...
Complex systems exist in all aspects of society ranging from stock market analysis to climate change, and information systems and infrastructures are no exception. As an information system matures it typically converges with others to add a richer functionality. This reliance upon extrinsic factors to deliver a service adds extra layers of complexity and interdependency, which are not fully understood and are to some degree uncontrollable.

The way in which these hidden interdependencies pervade our everyday lives is staggering and, in some cases, may go unchecked for many years until an incident occurs that revels the true nature of the interdependences' impact.