Insufficient investment in quantum-safe strategies concerns IT leaders
A new international study sponsored by DigiCert and conducted by the Ponemon Institute has shown the vulnerability that IT leaders around the world feel due to the insufficient investment being made in quantum-safe transition strategies. The study particularly underlined the concern among leaders in the APAC region, where 39% asserted their organisations have less than 5 years to prepare for a secure transition. The primary obstacles to readiness are reportedly lack of funding and expertise.
Quantum computing utilises the principles of quantum mechanics to solve problems that are far too complex for classical computers. This advanced capability, however, also makes it significantly easier to crack encryption, thereby posing a significant threat to data and user security.
"In the APAC region, where digital transformation is rapidly evolving, the need for quantum-safe cryptography is paramount. As industry bodies and governments drive progress, we urge businesses to prioritise their preparations for PQC to safeguard their data and maintain trust in an increasingly interconnected world," said Armando Dacal, Group Vice President APJ at DigiCert.
Within the APAC region, timeframes for preparation are seen as problematic. Alarmingly, 39% of IT leaders believe they have less than five years to prepare. Almost half of the respondents shared that awareness at the organisational leadership level about the security implications of quantum computing is only somewhat present or not present at all. The obstacles mentioned regularly include time, money, and lack of expertise.
The study also found that 53% of APAC respondents currently have a strategy or intend to have one within the next six months to address the security implications of quantum computing. This revelation is chilling since cybersecurity firm DigiCert highlights that PQC readiness would require forward-thinking organisations to start making preparations now, as the final standards would be released in 2024.
"PQC is a seismic event in cryptography that will require IT leaders to begin preparation now. Forward-thinking organisations that have invested in crypto agility will be better positioned to manage the transition to quantum-safe algorithms when the final standards are released in 2024," commented Amit Sinha, CEO of DigiCert.
However, only just over half of respondents globally (52%) said their organisations are currently taking an inventory of the types of cryptography keys used and their characteristics. Moreover, many firms seem to lack an overarching and consistent strategy for cryptographic management, potentially making them vulnerable to cyber threats.
As the study’s conclusions point out, to prepare for a safe post-quantum computing future, organisations must not only invest money and expertise but also develop a strategic approach. Such a strategy should involve both senior leadership backing, visibility into cryptographic keys and assets, as well as a centralised and consistent crypto-management approach.