A new white paper, developed collaboratively by Deloitte and the World Economic Forum (WEF), shines light on what organisations might face when quantum computers materialise and threaten some existing cryptographic algorithms, as well as discusses what steps organisations can take to keep their data secure in the quantum era.
Quantum might seem like a buzzword, but it already has some real-life implications for many fields and industries. The latest developments in the application of quantum mechanics, specifically when used in creating quantum computers, should enable organisations to speed up complicated mathematical processes often used within research and development, data science and other fields requiring large computing power. However, these advances in computational capability will threaten cryptographic algorithms which rely on mathematical complexity as the bedrock of their security. This means that some forms of cryptography like public-key cryptography will likely be cracked with quantum computers. This means organisations need to rethink how they use cryptography so that online transactions, secure messaging and digital signatures stay safe in the future.
Although this might seem like a relatively straightforward issue, it is not. Not only does the transition to quantum-safe cryptography (also called Post-Quantum Cryptography, PQC) take years, scientists are not sure when quantum computers will be powerful and stable enough to crack public-key cryptography. This leads to a dilemma for leaders responsible for cybersecurity: should I invest now in a threat that has not yet materialised? Exacerbating this ambiguity on timing is the fact that attackers today are already harvesting data with a view to being able to decrypt it at a later date when quantum computers are sufficiently mature – in so-called “Harvest-now, Decrypt-later” attacks.
Together with the World Economic Forum, we take a look at the threat of quantum computers to cybersecurity with business leaders, policymakers, NGOs (non-governmental organisation), regulators and academics. Many organisations indicated that more guidance is needed on "how and when" they need to act. At the same time, organisations can start preparing for the quantum threat by:
This report calls for business leaders, policymakers, NGOs, academics and regulators to consider today how the quantum threat might not only affect them, but also their ecosystem and industry. Cooperating across organisations might boost readiness for the quantum threat and help mitigate third-party risk.
Executive Sponsors
Emily Mossburg
Deloitte Global Cyber Leader
emossburg@deloitte.com
Deborah Golden
Deloitte US Cyber & Strategic Risk Leader
debgolden@deloitte.com
WEF Quantum Security Platform Fellow and project co-leads
Colin Soutar
Deloitte US Quantum Cyber Readiness Leader, Cyber & Strategic Risk
csoutar@deloitte.com
Isaac Kohn
Deloitte Global Cyber Operate Transformation Leader
ivkohn@deloitte.ch
WEF Quantum Security Project Fellows
Itan Barmes
Deloitte Netherlands (NSE) Specialist Leader, Risk Advisory
ibarmes@deloitte.nl
Anne Ardon
Deloitte Netherlands (NSE) Junior Manager, Risk Advisory
AArdon@deloitte.nl