A new white paper, developed collaboratively by Deloitte and the World Economic Forum (WEF), shines light on what organizations might face when quantum computers materialize and threaten some existing cryptographic algorithms, as well as discusses what steps organizations can take to keep their data secure in the quantum era.
Quantum might seem like a buzzword, but it already has some real-life implications for many fields and industries. The latest developments in the application of quantum mechanics, specifically when used in creating quantum computers, should enable organizations to speed up complicated mathematical processes often used within research and development, data science, and other fields requiring large computing power. However, these advances in computational capability will threaten cryptographic algorithms which rely on mathematical complexity as the bedrock of their security. This means that some forms of cryptography like public-key cryptography will likely be cracked with quantum computers. This means organizations need to rethink how they use cryptography so that online transactions, secure messaging, and digital signatures stay safe in the future.
Although this might seem like a relatively straightforward issue, it is not. Not only does the transition to quantum-safe cryptography (also called Post-Quantum Cryptography, PQC) take years, scientists are not sure when quantum computers will be powerful and stable enough to crack public-key cryptography. This leads to a dilemma for leaders responsible for cybersecurity: should I invest now in a threat that has not yet materialized? Exacerbating this ambiguity on timing is the fact that attackers today are already harvesting data with a view to being able to decrypt it at a later date when quantum computers are sufficiently mature – in so-called “Harvest-now, Decrypt-later” attacks.
Together with the World Economic Forum, we take a look at the threat of quantum computers to cybersecurity with business leaders, policymakers, NGOs (non-governmental organization), regulators, and academics. Many organizations indicated that more guidance is needed on "how and when" they need to act. At the same time, organizations can start preparing for the quantum threat by:
This report calls for business leaders, policymakers, NGOs, academics, and regulators to consider today how the quantum threat might not only affect them, but also their ecosystem and industry. Cooperating across organizations might boost readiness for the quantum threat and help mitigate third-party risk.