A recent poll by ISACA has highlighted a significant gap in preparedness among organisations regarding quantum computing, despite widespread recognition of its potential risks.
The survey found that while 62% of technology and cybersecurity professionals are concerned about the potential of quantum computing to compromise existing internet encryption, only 5% regard it as a high priority, and an equal percentage report having a defined quantum computing strategy.
The survey, which involved over 2,600 global professionals in cybersecurity, IT audit, and governance, indicates that quantum computing could revolutionise industries with its immense computational power. However, it poses a considerable risk to cybersecurity, potentially breaking the encryption algorithms that secure online transactions, digital signatures, and sensitive data.
The dual nature of quantum computing is evident in the responses: while 48% of participants expressed optimism about its impact on their sectors, 63% believe it will increase cybersecurity risks.
Additionally, 57% foresee new business risks arising, and 52% anticipate a shift in the skills required within organisations. Concerns about regulatory and compliance challenges were echoed by 50% of respondents.
A prevalent worry among participants is the threat of quantum computing breaking current encryption standards before new post-quantum cryptography algorithms, approved by the National Institute of Standards and Technology (NIST), are fully implemented.
The practice of "harvest now, decrypt later," where cybercriminals collect encrypted data for future decryption, was cited by 56% as a significant concern.
Jamie Norton, ISACA board director, remarked, “Many organisations underestimate the rapid advancement of quantum computing and its potential to break existing encryption. They need to start examining whether they have the expertise to implement post-quantum cryptography solutions now.”
Despite these concerns, many organisations have not mobilised efforts to prepare. Forty percent of respondents were unaware of their company’s plans regarding quantum computing, with 41% stating they do not intend to address the issue at this time.
This is concerning given that 25% believe the transformative potential of quantum computing will be realised within the next five years.
When asked about their organisation's stance on quantum computing, only 5% consider it a high priority, while 37% had not discussed it at all. Furthermore, only 7% reported a strong understanding of NIST’s post-quantum standards.
To address these challenges, 55% of enterprises have not yet taken steps to prepare for quantum computing. Among those that have, efforts are primarily focused on assessing compliance implications and exploring quantum-safe cryptography.
Rob Clyde, chairman of Crypto Quantique, emphasised the need for digital trust professionals to educate stakeholders on quantum computing risks and to develop plans for transitioning to post-quantum cryptography.
As quantum computing progresses, the need for organisations to act and prepare for its implications becomes increasingly urgent.