Quantum computing advancements pose a massive risk to cybersecurity and business stability, but many enterprises are not yet responding accordingly, according to new research from ISACA’s global Quantum Computing Pulse Poll. While 62 percent of technology and cybersecurity professionals are worried that quantum computing will break today’s internet encryption, only 5 percent say it’s a high priority for the near future, and just 5 percent say their organizations have a defined quantum computing strategy.
More than 2,600 global professionals in digital trust, cybersecurity, IT audit, governance and risk were surveyed in this inaugural ISACA poll on the perceptions and preparations around quantum computing—which is believed to revolutionize global industry with its immense computational power, including the capability to break the algorithms that secure nearly all online transactions.
“If we don’t move now to start solving issues like re-encrypting our data, switching to new digital signatures and moving our systems over to new algorithms, we are creating problems that will become increasingly difficult to address,” wrote Rob Clyde, past ISACA board chair and Crypto Quantique chairman, in an ISACA Now blog post.
Nearly half (48 percent) of survey respondents are very or somewhat optimistic about quantum computing’s impact in their sector/industry, while 63 percent believe it will speed up computational tasks or data analysis significantly, and 46 percent say it will create revolutionary innovations.
However, many anticipated outcomes of quantum require significant preparation:
- 63 percent say quantum will increase or shift cybersecurity risks
- 57 percent say it will create new business risks
- 52 percent say it will change the skills needs of businesses
- 50 percent say it will present regulatory and compliance challenges
Poll respondents (62 percent) are worried about quantum computing breaking today’s internet encryption before browsers and websites fully implement the new post quantum cryptography algorithms approved by National Institute of Standards and Technology (NIST). They are also focused on the potential for cybercriminals to start collecting encrypted data now and decrypt it once quantum computing becomes viable—with 56 percent citing the practice, known as “harvest now, decrypt later,” as a concern.
“Many organizations underestimate the rapid advancement of quantum computing and its potential to break existing encryption,” says Jamie Norton, ISACA board director and partner, McGrathNicol. “They need to start examining whether they have the expertise to implement post-quantum cryptography solutions now, to ensure they are able to effectively mitigate its impacts.”
Despite concerns about its potential impacts, it appears many organizations have not yet mobilized to prepare for these coming changes. Forty percent are not aware of their company’s plans, and 41 percent say they do not plan to address quantum computing at this time—even though 25 percent believe that the transformative potential of quantum computing will be realized on an industry-wide scale within the next five years, and 39 percent think it will happen in six to 10 years.
Only 7 percent of the poll respondents say they have a strong understanding of the new NIST standards, even though NIST has been working on them for more than 10 years. Forty-four percent admit they have never heard of them.
Clyde noted that there is a growing set of resources to assist organizations with the needed changes.
“Open source code and many vendors who provide encryption support the new standards, so it’s not like organizations have to write code themselves that meet the encryption standards. We have the tools available, but many companies have not yet started to assess what data needs to be re-encrypted and how they should go about it,” Clyde wrote. “That is especially problematic because this is not a situation in which organizations are just going to flip a switch and everything will be done, so they’ll have to approach the transition by criticality.”
Learn more about ISACA’S Quantum Computing Pulse Poll at www.isaca.org/quantum-pulse-poll.