IT leaders worry about the need to invest for quantum shift

While IT leaders are concerned about their ability to prepare for a safe post-quantum computing future, a new report from DigiCert and Ponemon Institute finds that they are hampered by obstacles that include a lack of clear ownership, budget, and executive support.

With quantum computing, cracking encryption becomes much easier, posing an enormous threat to data and user security.  

“Forward-thinking organisations that have invested in crypto agility will be better positioned to manage the transition to quantum-safe algorithms when the final standards are released in 2024,” said Amit Sinha, CEO of DigiCert.

Armando Dacal, DigiCert group VP in the Asia-Pacific and Japan region, urged businesses to prioritise their preparations for post-quantum cryptography (PQC) to safeguard their data and maintain trust in an increasingly interconnected world.

Ponemon Institute surveyed 1,426 IT and IT security practitioners (605 respondents in the United States; 428 in Europe, the Middle East and Africa; and 393 in APAC) who are knowledgeable about their firms’ approach to PQC.

Three in every five (61%) of those polled say their organisations are not and will not be prepared to address the security implications of PQC.

Almost half of respondents (49%) say their organisations’ leadership is only somewhat aware (26%) or not aware (23%) of the security implications of quantum computing.

Only 30% of respondents say their organisations are allocating budget for PQC readiness.

More than half (52%) of those surveyed say their organisations are currently taking an inventory of the types of cryptography keys used and their characteristics.

Across the region, 39% of organisations say they have less than five years to get ready.

Also, 53% of respondents currently have a strategy (19%) or will have one in the next six months (34%) to address the security implications of quantum computing.

However, 63% do not have a centralised crypto-management strategy (23%) or they have a very limited one, only applied to certain applications or use cases (37%).

Key findings indicate that security teams must juggle the pressure to keep ahead of cyberattacks targeting their organisations while preparing for a post-quantum computing future.

Only half of respondents say their organisations are very effective in mitigating risks, vulnerabilities and attacks across the enterprise. 

According to the research, ransomware and credential theft are the top two cyberattacks experienced by organisations polled.

Many organisations are in the dark about the characteristics and locations of their cryptographic keys. Only slightly more than half of respondents (52%) say their organisations are currently taking an inventory of the types of cryptography keys used and their characteristics. 

Very few have an overall centralised crypto-management strategy applied consistently across the enterprise. 

Three in every five (61%) of respondents say their organisations only have a limited crypto-management strategy that is applied to certain applications or use cases (36%), or they do not have a centralised crypto-management strategy (25%).

The report asserts that, to be ready for post-quantum computing, organisations need to have a strategy that includes backing by senior leadership, visibility into cryptographic keys and assets, and centralised crypto-management strategies that are applied consistently across the enterprise with accountability and ownership.