Globally, global respondents’ perceived readiness for quantum impact were not much better, amid ‘harvest-now/decrypt later’ threats brewing: survey

In a survey of 1,426 IT and IT security practitioners in the United States (605), EMEA (428) and the Asia-Pacific region (393) who are knowledgeable about their organizations’ approach to post-quantum cryptography, trends in APAC and global respondents were observed.

Quantum computing promises significant benefits, but it also poses new threats, particularly in the realm of cybersecurity. In APAC respondents, a significant cybersecurity workforce gap was often cited, leading to urgent challenges in preparing for the quantum era. Main concerns in the region cited “not having enough time”, money and expertise to prepare for quantum cryptography’s impact.

Globally, 61% of respondents were not prepared to address the security implications of post-quantum cryptography. This points to the need for global IT leaders to attain “crypto-agility”, involving the ability to change, improve, and revoke cryptographic assets to protect against quantum threats.

Other key findings

    • 74% of organizations across the board were concerned that bad actors can conduct “harvest now, decrypt later” attacks now, in which they collect and store encrypted data with the goal of decrypting it in the future.
    • 60% of cyberattacks were considered by respondent to be “more sophisticated”, targeted (56%) and severe (54%).
    • 52% of respondents indicated their organizations were currently taking an inventory of types of cryptography keys used and their characteristics.
    • 39% of APAC respondents indicated that their organizations have less than five years to get ready, with almost half of respondents indicating that their organizations’ leadership was only “somewhat aware” or “not aware” about the security implications of quantum computing.
    • 53% of APAC respondents cited currently having a post-quantum strategy (19% percent), 34% cited doing so in the next six months.

According to Amit Sinha, CEO, DigiCert, which commissioned the survey: “Forward-thinking organizations that have invested in post-quantum cryptographic agility will be better positioned to manage the transition to quantum-safe algorithms when the final standards are released in 2024.”

The firm is urging businesses to prioritize their quantum era preparations to safeguard their data and maintain trust in an increasingly interconnected world.