Despite a general sense of optimism about the potential of quantum computing, IT people have concerns about and the risk it presents. Over two thirds (67pc) anticipate that quantum computing could increase or shift cybersecurity risks over the next decade. Some 40pc feel that it has the potential to disrupt existing business models. Most, 67pc are worried about it breaking internet encryption before platforms fully implement new post-quantum cryptography, according to a survey for the IT sector association, ISACA.
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, said: “Given recent quantum advancements and breakthroughs, we can expect quantum computing to be present in our day-to-day platforms and processes within the next years. Whilst this will present great opportunities for innovation in several industries, significant cybersecurity risks emerge both in terms of quantum in a silo as well as through the rise of Quantum AI. For instance, cryptography is present in all businesses, industries and sectors, and quantum computing has the potential to break the cryptographic protocols that we use, rendering simple services useless. At the same time, quantum will substantially transform AI by boosting its capabilities, together with the risks associated with it.
“As a society that relies so heavily on digital systems, it’s imperative that we take this seriously.Organisations must make sure that they are already planning about how their operations might look in a post-quantum world, while they keep developing an holistically trained workforce on AI. They simply cannot afford to defer this critical preparation, risking the stability of the global economy itself. We need to build a holistically trained workforce on Quantum (and continue doing this for AI) and then create a plan for transition to the post-quantum era, enabling the safe adoption of these emerging technologies, so we can enjoy the benefits of innovation in a safe manner.”
“Organisations must then prioritise creating, implementing and integrating a quantum strategy that shields them from the impacts of quantum, which is a high risk, yet high reward technology. Being properly prepared will enable them to leverage its power without compromising safety.”
The survey among members of ISACA found a low level of quantum literacy within businesses. Just 2pc strongly agree they have a good understanding of the capabilities of quantum computing, and only 5pc say they have a strong understanding of the new NIST post-quantum cryptography standards, even though the standards body NIST in the United States has been working on them for ten years.
Visit www.isaca.org/quantum-pulse-poll.
Comments
Michael Murphy, deputy CTO of Arqit, says: “Quantum security doesn’t have to be complicated, but the ISACA findings point to a critical knowledge gap. There’s a growing misconception that because quantum technology is complex, deploying quantum-safe protections must be too. In reality, practical and accessible solutions already exist to start securing systems today, such as symmetric key agreement (SKA) technologies.
“The real risk isn’t quantum complexity; it’s inaction. Many organisations are still exposed to legacy cryptography, while failing to prepare for new regulatory timelines for quantum-safe systems. Without immediate action, they risk being caught between two eras of insecurity.
“Quantum migration isn’t tomorrow’s problem. By demystifying the process, assessing cryptographic health, and adopting crypto-agile solutions like SKA, organisations can secure their futures today.”
Rob Clyde, chairman of Crypto Quantique, is a past ISACA board chair and is presenting on this topic at the ISACA North America Conference in May. He notes that digital trust professionals should educate stakeholders about quantum computing risks and the urgent need for post-quantum solutions. He says: “Start by 1) identifying where encrypted data are stored and devices that use encryption, 2) developing a plan to transition to post-quantum cryptography prioritizing critical data and systems, and 3) continuously monitoring for updated software and firmware with post-quantum cryptography. Waiting until quantum computing is here is too late, especially given today’s harvest-now, decrypt-later threat.”
