A DigiCert study highlighted a troubling gap in the preparedness of enterprises for the impending quantum computing revolution.
While 69% of organisations recognise the risks quantum computing poses to existing encryption standards, a mere 5% have implemented quantum-safe encryption. Alarmingly, 46.4% of respondents indicated that significant portions of their encrypted data could be vulnerable to quantum attacks.
The findings underscore a critical juncture for CISOs across Asia: although the quantum threat is acknowledged, proactive measures to secure sensitive data are sorely lacking.
With encryption being the backbone of various sectors—ranging from online banking to healthcare and smart technologies—ensuring its robustness is essential for safeguarding information.
Kevin Hilscher, senior director of Product Management at DigiCert, stated, “The quantum era presents both a significant risk and a transformative opportunity as we reach an inflection point for enterprise security."
He emphasised that today’s groundwork will dictate which organisations can maintain trust and resilience as quantum realities unfold, adding organisations should be advancing their quantum readiness plans, beginning with asset discovery and risk assessment, aiming for crypto-agility.
Despite the majority of organisations (69%) believing that quantum computers will breach current encryption within five years, only 38% feel “very prepared” for these threats.
A meagre 19.2% consider themselves “extremely prepared,” highlighting a disconnect between awareness and action. This reluctance to act is often attributed to perceived complexity and the belief that quantum computing is still on the horizon.
“The fact that only 5% of organisations have implemented quantum-safe encryption, despite widespread awareness of the threat, should be a wake-up call," remarks Dr. Jim Goodman, CTO at Crypto4A.
"Migrating to post-quantum cryptography isn’t just a software patch—it requires a foundational shift in how cryptography is managed.” Jim Goodman
DigiCert recommends four key steps for organisations to adopt a quantum-safe security posture:
- Inventory cryptographic assets: Catalogue all certificates and algorithms, prioritising upgrades based on criticality.
- Replace long-term encryption algorithms: Focus on critical assets like roots of trust and long-lived IoT devices.
- Test post-quantum cryptography (PQC) algorithms: Explore and trial PQC in controlled environments.
- Achieve crypto-agility: Establish visibility and responsiveness in deploying encryption technologies.