The rise of quantum computing is well-documented, and with experts predicting that true quantum computing — not existing so-called quantum computing solutions — is only years away, businesses are starting to become concerned about the security implications.

One of the core concerns is that true quantum computers will be able to decrypt any and all data encrypted with existing encryption standards. The issue has been recognized at the highest levels of government A White House National Security Memorandum in May was aimed at maintaining U.S. leadership in quantum information science and mitigating the risks of quantum computing to national security.

The belief that quantum computing can decrypt encrypted data in the future has also led to concerns around “harvest now, decrypt later” cybersecurity attacks. As the name suggests, the concern is that data stolen now and currently impossible or extraordinarily difficult to decrypt could be decrypted using quantum computers in the future.

According to a new poll of professionals at organizations considering quantum computing benefits by Deloitte Touche Tohmatsu Ltd., half of those surveyed believe their organizations are at risk from harvest now, decrypt later attacks.

However, only 45% said their organizations expected to complete assessments of potential post-quantum encryption vulnerabilities within the next 12 months. An additional 16% expect to conduct such quantum risk assessments within the next two to five years.

Notably, 27% of respondents said their organization’s quantum computing security risk management efforts will come about only from regulatory pressure to adopt legislation. Almost 21% said they would advance efforts or policies to address algorithms made obsolete by quantum computing only if there is leadership demand from the board of directors or C-suite.

Other respondents said their organizations were taking a “wait and see” approach, with nearly 12% saying it would take a cyber incident — such as exfiltration of sensitive data — involving their organization to drive quantum security risk management efforts. Fewer than 7% said client or shareholder demand would drive the same.

“It’s encouraging to see that so many of the organizations with quantum computing awareness are similarly aware of the security implications that the emerging technology presents, but it’s important to note that ‘harvest now, decrypt later’ attacks are something all organizations — whether or not they’re considering leveraging quantum computing — stand to face in a post-quantum world,” Colin Soutar, U.S. quantum cyber readiness leader and Deloitte risk and financial advisory managing director, said in a statement. “As quantum awareness grows within boardrooms, C-suites and security teams, we’re hopeful that organizations’ efforts to prepare for post-quantum cyber risk management will grow as well.”

Photo: Baidu