Nearly half of enterprises aren't prepared for quantum cybersecurity threats
Most businesses haven't even started transitioning to post-quantum cryptography, research shows
Only half of organizations across North America and Europe are geared up for looming quantum cybersecurity threats, with some even thinking dangers are being exaggerated.
A new survey from Keyfactor revealed that nearly half (48%) aren't ready for the challenges posed by quantum computing, which will render public-key cryptography obsolete. Mid-sized organizations appeared particularly vulnerable, with 56% saying they weren't prepared.
While 42% of cybersecurity leaders said they were actively addressing quantum risk, 33% plan to respond when the risks are more immediate, 24% are waiting to see what actions other companies take, and 2% have no plans to address risks at all.
It's all about perception, however. Companies that view post-quantum cryptography (PQC) as a significant undertaking were more than twice as likely to be taking steps now, with 49% doing so, compared with just 24% of those that consider the risks to be minor or overstated.
“Cryptography is the critical infrastructure of our digital world — it’s what keeps data, systems, and trust intact. But that infrastructure is under threat. Cryptographically relevant quantum computers are coming, and when they do, today’s encryption will break,” said Jordan Rackie, CEO of Keyfactor.
“Our research shows that while awareness is growing, action is lagging,” Rickie added. “Organizations that treat PQC as a strategic priority today will be the ones who lead tomorrow — in security, resilience, and digital trust.”
Quantum cybersecurity threats are on the radar for some
Notably, at nearly half (46%) of companies, cybersecurity teams are leading the charge on championing PQC preparedness, followed by the C-suite at 33%, and board members at 22%.
The main driver for action is, unsurprisingly, cybersecurity, cited by 54%. However, half cited enhanced customer trust, 49% reduced cyber insurance premiums, and 48% a competitive edge.
The challenges, meanwhile, are being exacerbated by a lack of skilled personnel, limited time, and competing priorities, both cited by four-in-ten, with unclear industry standards just behind at 39%.
“Post-quantum cryptography is a once-in-a-generation opportunity to rebuild the foundation of digital trust,” said Chris Hickman, CSO at Keyfactor.
“It will require a full-scale transformation in how we protect every encrypted interaction, file, and transaction – past, present, and future. This transition is about showing leadership, driving innovation, and building a security posture that can stand the test of time.”
Earlier this year, the UK's National Cyber Security Centre (NCSC) published a timeline it said organizations should follow to prepare themselves for quantum threats.
Aimed mainly at large organizations, it warned they should have identified which cryptographic services need upgrades and created a migration plan by 2028.
Similarly, the cybersecurity agency urged enterprises to carry out high-priority upgrades by 2031, refining their plans as PQC evolves. Meanwhile, by 2035 they should have migrated completely to PQC for all systems, services, and products.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- RSAC in focus: Quantum computing and security
- The quantum computing sector needs to cut the hype and focus on responsible development
- Preparing for the quantum computing revolution
-
Low-budget devices are the biggest casualty of the RAM crisisNews Say goodbye to budget devices; vendors are doubling down on high-end options to absorb costs
-
Sectigo taps Clint Maddox to lead global field operationsReviews The appointment follows a year of strong momentum for the security vendor as it expands its global channel footprint
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
-
CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do thatNews The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks
-
Former Google engineer convicted of economic espionage after stealing thousands of secret AI, supercomputing documentsNews Linwei Ding told Chinese investors he could build a world-class supercomputer
-
90% of companies are woefully unprepared for quantum security threats – analysts say they need to get a move onNews Quantum security threats are coming, but a Bain & Company survey shows systems aren't yet in place to prevent widespread chaos
