Enterprises are ramping up preparations for a post-quantum world – experts worry it could be too late for many

More than 100 million firms are expected to embrace post-quantum algorithms by 2035, but that's just a drop in the ocean

Nicole Kobie's avatar
By
published
in News
Quantum cybersecurity concept image showing a quantum chip with glowing lights connected to a digital interface and circuit board.
(Image credit: Getty Images)

The post-quantum computing rollout is picking up pace and becoming the default for security companies – but just 27% are set to deploy necessary security precautions in time.

That's according to a study by Juniper Research, which reveals that the number of businesses making use of post-quantum computing (PCQ) algorithms globally will climb from just 35,000 this year to more than 100 million by 2035.

While that's a massive leap, it's just 27% of global businesses, leaving most unprotected from quantum computers cracking data that's now protected by encryption.

While quantum computing remains largely in the experimental phase, companies need to be aware of "Q-day" – the point at which quantum computers can be used to crack existing encryption standards.

That day has long been predicted to happen in the mid-2030s, but Google last month updated its quantum timeline, now predicting that computers capable of breaking existing encryption could arrive within just three years.

Because of that, companies need to switch to quantum-secure algorithms now to avoid data exposure when so-called Q-day occurs.

While the US National Institute of Standards and Technology (NIST) has already developed a list of algorithms that are quantum safe, the industry needs to ensure it switches in good time — but one survey found 90% of companies didn't yet have systems in place to defend against quantum security threats.

Juniper agreed with that assessment, saying in its report that PQC remains a market still "in the early stages of maturity", though early adopters and the security industry are leading the way.

"Early adopters of PQC are deliberately choosing quantum-secure services, but as standards align, security vendors will increasingly offer quantum-secure solutions by default," said VP of Research Nick Maynard.

"Security vendors must move rapidly to establish PQC credentials, or they will be bypassed by faster moving specialists, as the implications of quantum become increasingly high profile."

Time for urgency

One challenge to the shift is the differing predictions of when Q-day will hit, the report noted.

"As predictions for ‘Q-Day’ are so variable and inconsistent from analysts, it is difficult to instill a sense of urgency and importance for the replacement of classical encryption methods with quantum-resistant options," Juniper said.

That's a problem because of "harvest now, decrypt later" attacks, researchers warned.

This is a tactic in which attackers gather encrypted data now, with an eye on waiting for the arrival of more sophisticated quantum computers capable of cracking it.

Juniper noted that five years is the widely held recommendation for the length of time between Q-day and when a company should shift to post-quantum cryptography – if Google is correct, it's already too late for those who have yet to get started on the switch.

Quantum by default

Juniper noted that it's difficult to know exactly how quantum computers will work with regards to PQC, so it's vital to stay agile and be ready with backup algorithms amid the race to become quantum safe.

“Focusing on crypto-agility — meaning enabling organisations to quickly change their cryptography to meet new developments — is a key policy for keeping cryptography strategies flexible," said Maynard. "This will enable organisations to invest in PQC now, without tying themselves down to a specific cryptographic deployment."

The analyst firm also pointed to hybrid PQC as a "bridge" between current encryption and quantum safe techniques, without as much disruption as implementing full PQC. Cloud-based services are another option for scalability while maintaining agility, Juniper added.

Juniper said organizations should create a priority list to help shift different elements of their business and infrastructure to PQC, while security vendors must encourage businesses to shift to an agile approach.

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.

Nicole Kobie
Nicole Kobie

Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.

Nicole the author of a book about the history of technology, The Long History of the Future.

Latest
You might also like
View More ▸