Post-quantum cryptography gains traction across sectors

Insights from Keyfactor's leadership suggest significant shifts in data security practices are anticipated for 2025, particularly in response to advancements in quantum computing.

Ted Shorter, Chief Technology Officer at Keyfactor, predicts that post-quantum cryptography (PQC) will see increased adoption within highly regulated sectors such as government, finance, and telecommunications. "In 2025, highly regulated industries like government, finance, and telecommunications will lead the adoption of post-quantum cryptography (PQC) solutions to safeguard sensitive data and comply with stricter regulatory mandates," he stated. Shorter emphasised that industries handling sensitive data will be early adopters of PQC to protect critical infrastructure and maintain consumer trust. "As quantum computing advances, these sectors will face heightened risk to data security, prompting stricter regulatory mandates and early adoption of PQC," he added.

From the perspective of Tomas Gustavsson, Chief PKI Officer, organisations will need to prioritise agility in their encryption strategies to align with the shortened transition timelines set by the National Institute of Standards and Technology (NIST). "Organizations will prioritize agility in their 2025 encryption strategies, leveraging emerging post-quantum cryptographic (PQC) standards to prepare for the shortened transition timeline set by NIST," he commented. Gustavsson noted that as NIST progresses with finalising post-quantum cryptographic standards, companies face no option but to initiate the transition promptly, referring to past experiences where delays postponed cryptographic adaptations.

He further illustrated the significance of industries such as the Internet of Things (IoT) in adopting tailored quantum-safe solutions to counter evolving threats. "Industries such as IoT, with diverse use cases and unique security demands, will increasingly adopt tailored quantum-safe solutions to address evolving threats," he noted, indicating the disruptive innovation in cryptographic practices.

Ellen Boehm, Senior Vice President, IoT Strategy and Operations, stressed the importance of adopting proactive IoT security measures in 2025. As threats evolve with quantum computing advancements, robust IoT security practices become crucial. "In 2025, proactive IoT security practices and layered roots of trust will become critical for organizations to withstand escalating threats and regulatory pressures," she explained. Boehm pointed out that organisations must reinforce their IoT security supply chains to preempt sophisticated threats, emphasising the importance of layered trust systems.

Moreover, the Cyber Resilience Act (CRA) is identified by Boehm as a significant motivator compelling developers and Original Equipment Manufacturers (OEMs) to embed security throughout the IoT device lifecycle. "From a product security perspective, developers and OEMs designing IoT devices will need to embed security at every stage of the product lifecycle, ensuring hardware and software integrity before devices even reach the market," Boehm highlighted. The CRA's stricter cybersecurity mandates necessitate such actions to mitigate regulatory and reputational risks.