More than two-thirds (67%) of European IT professionals fear that quantum computing could increase cybersecurity risks in the coming years. Despite these concerns, only 4% of organizations have a defined quantum computing strategy. Furthermore, the majority do not realize that quantum computing may arrive sooner than expected, according to new research by ISACA.
Quantum computing offers revolutionary possibilities and is welcomed by 56% of cyber and IT professionals as a technology that creates opportunities for organizations. However, the ISACA survey shows that despite this optimism, there are serious concerns about the risks. For example, 67% fear that quantum computing could break current encryption standards before platforms have fully transitioned to new post-quantum cryptography.
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, said: “Given recent quantum advancements and breakthroughs, we can expect quantum computing to be present in our day-to-day platforms and processes within the next years. Whilst this will present great opportunities for innovation in several industries, significant cybersecurity risks emerge both in terms of quantum in a silo as well as through the rise of Quantum AI. For instance, cryptography is present in all businesses, industries and sectors, and quantum computing has the potential to break the cryptographic protocols that we use, rendering simple services useless. At the same time, quantum will substantially transform AI by boosting its capabilities, together with the risks associated with it.”
Huge concerns, but no action
Despite the expected impact of quantum computing, organizations aren’t preparing themselves for it. Only 4% say they have developed a defined quantum computing strategy. More than half (52%) have not integrated quantum computing into formal strategies or roadmaps and do not plan to do so. Furthermore, 40% of cyber and IT professionals report that their organization has not yet considered implementing post-quantum cryptography.
This attitude stands in stark contrast to developments in the field of quantum computing. Google recently launched Willow, a quantum chip with 105 qubits that the company claims is the fastest ever. IBM previously introduced a 133-qubit quantum computing processor and a modular quantum system.
Lack of quantum knowledge
One of the most critical findings from the survey is the low level of quantum knowledge within organizations. Only 2% of respondents report having a good understanding of the possibilities of quantum computing. Even more striking is that only 5% have insight into the new NIST post-quantum cryptography standards, despite NIST having worked on these for more than 10 years.
This lack of knowledge underscores the inadequacy of organizations in preparing for the advent of quantum computing. They lack the necessary skills to protect organizations from emerging threats and comply with new regulations. European agencies such as ENISA and the EuroHPC Joint Undertaking have repeatedly emphasized the urgency of preparing for quantum computing.
The European Commission is also investing in programs such as Quantum Flagship and Digital Europe. Still, according to ISACA, more needs to be done to build a workforce that is ready for the arrival of quantum computing.
Protection against quantum threats
Solutions such as Quantum Key Distribution (QKD) are considered a possible protection against the threat that quantum computing poses to today’s encryption. This technique generates keys that would be resistant to decryption by quantum computers. Companies such as Single Quantum and Toshiba have already made this technology suitable for fiber optic connections of more than 300 kilometers.
However, there is no consensus on the best approach. The Dutch AIVD, for example, has criticized QKD and advocates other methods that would be cheaper and more widely applicable.
Dimitriadis of ISACA emphasizes that it is time for action: “As a society that relies so heavily on digital systems, it’s imperative that we take this seriously.Organisations must make sure that they are already planning about how their operations might look in a post-quantum world, while they keep developing an holistically trained workforce on AI. They simply cannot afford to defer this critical preparation, risking the stability of the global economy itself. We need to build a holistically trained workforce on Quantum (and continue doing this for AI) and then create a plan for transition to the post-quantum era, enabling the safe adoption of these emerging technologies, so we can enjoy the benefits of innovation in a safe manner.”
Recent developments such as the collaboration between Proximus and KU Leuven for the development of quantum repeaters and the opening of a new quantum hub in Delft show that there is growing interest in quantum technology in Europe. Despite these positive developments, the question remains whether European organizations will respond quickly enough to the quantum threat.