Skip to main content

Managing the quantum cybersecurity threat

Cryptographic agility in the quantum era

A new white paper, developed collaboratively by Deloitte and the World Economic Forum (WEF), shines light on what organisations might face when quantum computers materialise and threaten some existing cryptographic algorithms, as well as discusses what steps organisations can take to keep their data secure in the quantum era.

Quantum might seem like a buzzword, but it already has some real-life implications for many fields and industries. The latest developments in the application of quantum mechanics, specifically when used in creating quantum computers, should enable organisations to speed up complicated mathematical processes often used within research and development, data science and other fields requiring large computing power. However, these advances in computational capability will threaten cryptographic algorithms which rely on mathematical complexity as the bedrock of their security. This means that some forms of cryptography like public-key cryptography will likely be cracked with quantum computers. This means organisations need to rethink how they use cryptography so that online transactions, secure messaging and digital signatures stay safe in the future.

Although this might seem like a relatively straightforward issue, it is not. Not only does the transition to quantum-safe cryptography (also called Post-Quantum Cryptography, PQC) take years, scientists are not sure when quantum computers will be powerful and stable enough to crack public-key cryptography. This leads to a dilemma for leaders responsible for cybersecurity: should I invest now in a threat that has not yet materialised? Exacerbating this ambiguity on timing is the fact that attackers today are already harvesting data with a view to being able to decrypt it at a later date when quantum computers are sufficiently mature – in so-called “Harvest-now, Decrypt-later” attacks.

Together with the World Economic Forum, we take a look at the threat of quantum computers to cybersecurity with business leaders, policymakers, NGOs (non-governmental organisation), regulators and academics. Many organisations indicated that more guidance is needed on "how and when" they need to act. At the same time, organisations can start preparing for the quantum threat by:

  • creating awareness and educating senior leaders on the quantum threat before it fully materialises so that updates to cryptography are not done in a reactive mode
  • developing an initial strategy and roadmap, including considerations for various solutions and technologies, including crypto-agile solutions, that permit quick interchanges of cryptographic algorithms
  • ensuring executive buy-in before the threat materialises
  • leveraging hybrid solutions, where having the security of classical solutions is layered with novel post-quantum technologies

This report calls for business leaders, policymakers, NGOs, academics and regulators to consider today how the quantum threat might not only affect them, but also their ecosystem and industry. Cooperating across organisations might boost readiness for the quantum threat and help mitigate third-party risk.

Key Contacts

Executive Sponsors

Emily Mossburg
Deloitte Global Cyber Leader
emossburg@deloitte.com

Deborah Golden
Deloitte US Cyber & Strategic Risk Leader
debgolden@deloitte.com

WEF Quantum Security Platform Fellow and project co-leads

Colin Soutar
Deloitte US Quantum Cyber Readiness Leader, Cyber & Strategic Risk
csoutar@deloitte.com

Isaac Kohn
Deloitte Global Cyber Operate Transformation Leader
ivkohn@deloitte.ch

WEF Quantum Security Project Fellows

Itan Barmes
Deloitte Netherlands (NSE) Specialist Leader, Risk Advisory
ibarmes@deloitte.nl

Anne Ardon
Deloitte Netherlands (NSE) Junior Manager, Risk Advisory
AArdon@deloitte.nl

Did you find this useful?

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey