Organisations Unprepared for Quantum Computing Cyber Risks
New research from ISACA reveals that, despite mounting concern among 62% of technology and cybersecurity professionals that quantum computing could shatter current internet encryption, most organisations remain critically unprepared.
A further 63% of tech professionals expect quantum computing to increase or shift cybersecurity risks. However, only 5% say it is a high priority for their organisation, and just 5% report having a defined quantum strategy in place.
ISACA’s Quantum Computing Pulse Poll surveyed more than 2,600 professionals in digital trust, cybersecurity, IT audit, governance and risk on the perceptions and preparations around quantum computing.
The findings suggest that, although quantum computing has the potential to disrupt algorithms that secure nearly all online transactions, including digital signatures, websites, utilities and medical records, action remains stagnant.
ISACA Board Director Jamie Norton said quantum computing is accelerating fast, and the implications for digital trust, particularly in data-rich sectors like finance, health and government, are enormous.
“Too many Australian and New Zealand organisations remain in reactive mode and underestimate quantum computing’s potential to break existing encryption,” said Norton. “Now is the time to assess whether you have the expertise to implement post-quantum cryptography solutions and start building internal capability.”
“This is essential to mitigate its impact and protect sensitive data, maintain customer trust and ensure long-term business resilience,” he adds.
Many respondents believe quantum technology has revolutionary potential and promises major breakthroughs, with 63% expecting it to significantly accelerate computational tasks or data analysis; 46% anticipating revolutionary innovation; and 48% very or somewhat optimistic about its impact in their sector. Yet many also foresee new challenges, including:
63% say quantum will increase or shift cybersecurity risks;
57% say it will create new business risks;
52% say it will change the skills needs of businesses; and
50% say it will present regulatory and compliance challenges.
Among a smaller group of Oceania respondents, all of those data points were higher by at least 10 percentage points, indicating that digital trust professionals in Australia are even more concerned about the changes and challenges quantum will bring.
Sixty-two per cent of poll respondents are worried about quantum computing breaking today’s internet encryption before browsers and websites fully implement the new post-quantum cryptography algorithms approved by NIST. There’s also significant worry around the harvest-now, decrypt-later threat, where encrypted data is stolen now to be unlocked in the quantum future. Fifty-six per cent of respondents cited this as a concern.
Despite 25% of respondents believing the industry-wide impact of quantum computing will be felt within the next five years and 39% feeling it will happen in six to 10 years, 41% say they do not plan to address quantum computing at this time, and 40% are not aware of their company’s plans.
When asked how their organisation views quantum computing within its current technology or innovation strategy:
5% consider it a high priority for near-term planning;
15% say it is on their long-term roadmap but not a near-term priority;
19% say they have discussed it but not made any formal plans;
37% have not discussed it at all; and
24% are unsure.
Knowledge gaps are also evident. Only 7% of respondents say they have a strong understanding of the new post-quantum cryptography standards from the US National Institute of Standards and Technology, despite NIST working on them for over a decade. Forty-four per cent had never heard of the standards.
More than half (55%) of enterprises have not taken steps to prepare for quantum computing. Of those that have, their actions include:
Assessing regulatory or compliance implications of quantum (46%)
Exploring quantum-safe cryptography (38%)
Collaborating with quantum hardware/software providers or consortia (28%)
Providing staff training and upskilling on quantum computing (27%)
Investing in research and development or proof-of-concepts (27%)
Still, 30% of global cyber and IT professionals admit they do not have a good understanding of quantum computing’s capabilities, indicating the need for education and skill development.
Crypto Quantique Chairman and past ISACA Board Chairman Rob Clyde notes that digital trust professionals should educate stakeholders about quantum computing risks and the urgent need for post-quantum solutions.
“Start by identifying where encrypted data are stored and devices that use encryption; developing a plan to transition to post-quantum cryptography prioritising critical data and systems; and continuously monitoring for updated software and firmware with post-quantum cryptography,” he said. “Waiting until quantum computing is here is too late, especially given today’s harvest-now, decrypt-later threat.”