Navigating the Quantum Threat: Are Organizations Prepared for Post-Quantum Computing Challenges?

Discover the urgent findings from DigiCert’s global study on post-quantum computing challenges. Learn why organizations need to act now to secure their data and adapt to the quantum era.

During its annual Trust Summit conference, DigiCert unveiled the findings of a global study that delves into how organizations are confronting the threat posed by post-quantum computing and preparing for a secure future in the era of quantum computing. The study’s significant discoveries indicate that IT leaders are indeed worried about their ability to prepare within the required timeframes, and their efforts are hindered by various challenges, including a lack of clear ownership, budget constraints, and insufficient executive support.

Quantum computing leverages the principles of quantum mechanics to tackle problems too intricate for traditional computers. However, it also makes encryption cracking considerably easier, presenting a substantial risk to data and user security. Amit Sinha, CEO of DigiCert, referred to post-quantum cryptography (PQC) as a groundbreaking event in the field of cryptography that necessitates immediate preparation. He emphasized the importance of forward-thinking organizations that have invested in crypto agility, as they will be better positioned to transition to quantum-safe algorithms once the final standards are released in 2024.

Armando Dacal, Group Vice President APJ at DigiCert, emphasized the critical need for quantum-safe cryptography in the APAC region, where digital transformation is rapidly evolving. He urged businesses to prioritize their preparations for PQC to protect their data and uphold trust in an increasingly interconnected world.

Highlights of the study conducted by the Ponemon Institute, sponsored by DigiCert, involve 1,426 IT and IT security practitioners from the United States, EMEA, and Asia-Pacific who possess knowledge about their organizations’ approaches to post-quantum cryptography. Key findings from the study include:

• 61% of respondents indicated that their organizations are unprepared and won’t be ready to address the security implications of PQC.
• Nearly half of the respondents (49%) reported that their organizations’ leadership is only somewhat aware (26%) or entirely unaware (23%) of the security implications associated with quantum computing.
• Only 30% of respondents stated that their organizations are allocating a budget for PQC readiness.
• 52% of surveyed organizations are currently taking an inventory of the types of cryptography keys used and their characteristics.

In the APAC region, specific highlights from the study include:

• 39% of organizations believe they have less than five years to prepare.
• 53% of respondents either have a strategy (19%) or plan to develop one in the next six months (34%) to address the security implications of quantum computing.
• 63% of organizations either lack a centralized crypto-management strategy (23%) or possess a limited one, applicable only to specific applications or use cases (37%).

The study’s findings indicate that organizations face numerous challenges in their efforts to prepare for a secure post-quantum computing future. Security teams must balance the pressure of defending against cyberattacks while also planning for a post-quantum computing landscape. Only 50% of respondents stated that their organizations are highly effective in mitigating risks, vulnerabilities, and attacks across the enterprise. According to the research, ransomware and credential theft rank as the top two cyberattacks experienced by organizations in the study.

Furthermore, 41% of respondents believe their organizations have less than five years to get ready, with the primary challenges being a lack of time, resources, and expertise. Currently, only 30% of respondents mentioned that their organizations allocate a budget for PQC readiness. Many organizations lack information about the characteristics and locations of their cryptographic keys, with just slightly over half (52%) currently taking an inventory of these keys. Moreover, only 39% prioritize cryptographic assets, and 36% determine whether data and cryptographic assets are on-premises or in the cloud.

Centralized crypto-management strategies that are consistently applied across the enterprise are notably lacking. A majority of respondents (61%) indicated that their organizations only possess a limited crypto-management strategy, applicable to specific applications or use cases (36%), or they lack a centralized crypto-management strategy altogether (25%).

To enhance the security of information assets and IT infrastructure, organizations must improve their ability to deploy effective cryptographic solutions and methods. The study revealed that most respondents feel their organizations do not have a strong capacity to implement enterprise-wide best practices and policies, detect and respond to certificate/key misuse, address algorithm remediation or breaches, and prevent unplanned certificates.

Recognizing their lack of expertise to stay ahead of post-quantum requirements, organizations consider hiring and retaining qualified personnel their most important strategic priority for digital security (55% of respondents). This is followed by achieving crypto-agility (51% of respondents), which involves efficiently updating cryptographic algorithms, parameters, processes, and technologies to adapt to new protocols, standards, and security threats, including those associated with quantum computing methods.

To prepare for the era of post-quantum computing, organizations must establish a strategy backed by senior leadership, visibility into cryptographic keys and assets, and consistent, enterprise-wide centralized crypto-management strategies that come with accountability and ownership.

The findings of the global study conducted by DigiCert shed light on the pressing need for organizations worldwide to address the imminent challenges posed by quantum computing. As the digital landscape continues to evolve at a rapid pace, the importance of quantum-safe cryptography cannot be overstated. It is evident that the road to a secure post-quantum computing future is fraught with obstacles, including inadequate awareness, budget constraints, and the absence of clear ownership. However, the message is clear: proactive measures are imperative. Organizations must act now, prioritizing their preparations, investing in crypto agility, and embracing a centralized crypto-management strategy to safeguard their data and maintain trust in an interconnected world. The quantum revolution is upon us, and the time for action is now.