61% of firms worry they are unprepared for security risks in quantum era

Enterprises are concerned their data may be targeted for harvest now and decrypted in the future by cybercriminals when the ability to do so emerges, a global study reveals.
Written by Eileen Yu, Senior Contributing Editor
Quantum computing concept
Eugene Mymrin/Getty Images

Enterprises are worried they are ill-prepared to deal with potential cybersecurity risks brought on by quantum computing. 

Some 61% have expressed concern their organization is not and will not be prepared to handle security implications that may surface in a post-quantum computing future, according to a survey conducted by Ponemon Institute. Commissioned by DigiCert, the study polled 1,426 IT and cybersecurity professionals who have knowledge of their company's approach to post-quantum cryptography. Among them were 605 from the US, 428 in EMEA, and 393 across Asia-Pacific. 

Also: The best VPN services (and how to choose the right one for you)

Another 74% of respondents worry their data may be targeted for harvest now by cybercriminals and to be decrypted in the future when the ability to do so surfaces. 

Some 30% say a budget has been set aside to prepare their organization for a quantum computing era. Just over half, at 52%, currently are making an inventory of the types of cryptography keys used along with their characteristics. 

About 59% believe their leadership team is aware or somewhat aware about the security implications of quantum computing, while 18% say their leadership is "very aware" of such risks. Another 23% reveal their leadership team is not aware about security risks related to quantum computing. 

Some 41% believe their organization must be prepared for a quantum computing era within five years, while 29% say they have between five and seven years. Another 12% say their organization will be ready in eight to 10 years, and 9% put this at more than a decade.

Also: 6 simple cybersecurity rules you can apply now

About 10% believe their organization will not be ready in time for a quantum computing future. In addition, 25% do not have a centralized strategy for managing cryptography, compared to 39% that have a company-wide strategy to manage cryptography.

Some 36% say their organization has a limited strategy in place that is applied only to specific use cases or applications. 

From a regional perspective, 44% of US respondents and 39% in Asia-Pacific as well as in EMEA believe they have fewer than five years to be prepared. 

Some 28% in the US, 21% in EMEA, and 19% in Asia-Pacific say they already have a strategy in place to manage the security implications of quantum computing. Another 34% in Asia-Pacific, 32% in the US, and 29% in EMEA will have one within the next six months. 

A quarter in the US has no such plans at all, compared to 24% in EMEA and 21% in Asia-Pacific whose organization also has no plans to establish a strategy to deal with the security implications of quantum computing. 

Also: Government officials debate effectiveness of multilateral relations in cybersecurity

"Post-quantum computing is a seismic event in cryptography that will require IT leaders to begin preparation now," said DigiCert CEO Amit Sinha. "Forward-thinking organizations that have invested in crypto agility will be better positioned to manage the transition to quantum-safe algorithms when the final standards are released in 2024."

Countries such as Singapore have started looking at the impact of quantum computing on the industry, including potential security risks and new encryption tools that may be needed. 

The Singapore government last year set aside SG$23.5 million ($17.14 million) to support initiatives to develop relevant skill sets and quantum devices, with the aim to ensure encryption technologies remained robust and able to withstand "brute force" attacks.

The Asian country also is looking to build a quantum-safe network to showcase "crypto-agile connectivity" and facilitate trials with both public and private organizations. The initiative includes a quantum security lab for vulnerability research.

Also: How AI can improve cybersecurity

The Singapore government believes quantum technology can prove a "game changer" and efforts are needed to stay ahead of malicious actors amid a fast-evolving cyber landscape. 

Its Deputy Prime Minister and Coordinating Minister for Economic Policies Heng Swee Keat previously noted that strong encryption was key to the security of digital networks and the current encryption standard, AES 256, still was holding up well. This, however, could change with quantum computing, Heng said. 

As quantum computers continued to achieve higher compute speeds million times faster than supercomputers, he added that it was critical Singapore invested in quantum engineering and research to stay ahead of potential threats.

Editorial standards