Skip to main content

The Existential Threat: Preparing for Post-Quantum Cryptography

Oct

25

2024

Time to read

Read so far

Written by: 

Jenn Markey

Time to read

Written by: 

Image of a building with a timelapse

Quantum computing is poised to revolutionize many sectors, from defense and healthcare to material science and communications. Yet it is also positioned to disrupt conventional cryptography, threatening the world’s digital economy and upending power dynamics around the globe. This potential for upheaval causes post-quantum cryptography (PQC) to be perceived by some organizations as an existential threat – too big to conceive, let alone prepare for. However, in many ways the post-quantum (PQ) era is already here with “Harvest Now, Decrypt Later” style attacks that target long-life data like financial records and government intelligence.

With that lens, we partnered with Ponemon Institute for the 2024 PKI and Post-Quantum Trends Study, an opportunity to dive into the state of PQ preparedness around the world.

U.S. Leads in PQ Preparedness

Close to half of U.S. organizations (48%) are actively preparing for PQ, higher than the global average of 41% and significantly higher than the 34% in the Middle East. The U.S. also tops the list of organizations that have at least evaluated the potential impact of PQ at 33%. Plus, only 12% of U.S. organizations have not considered the potential PQ threat vs. the global benchmark of 27%. Recognizing that the race for quantum computing supremacy also depends on the availability of PQC standards, the U.S. again leads the way with new NIST standards published.

Getting PQ Prepared

The majority of CISOs know PQ is on the horizon, with 61% of global organizations planning to migrate to PQC within the next five years. For those preparing, the majority are at the crypto strategy build stage (44%), followed by those taking an inventory of their crypto assets and assessing crypto-agility (38%).

Once the decision to migrate is made, the how is relatively consistent across countries with implementation of pure PQC as the most desired global choice at 36%, followed by a hybrid approach combining traditional crypto with PQC favored by 31% of global respondents. Another 26% report testing PQC with their organization’s systems and applications. It should be noted that both the U.S. NSA and UK NCSC guidance favor a pure PQC approach, citing concerns over the cyber risk, overhead, and added complexity associated with a hybrid model.

Navigating the PQ Journey

Globally, the top four concerns that could impede an organization’s successful transition to PQC are:

  • An inability to inventory crypto assets (43%)
  • Trusting newly proposed PQC algorithms that may not be secure (40%)
  • Lack of necessary scale and technologies to support the extra computing power required by new PQC algorithms (38%)
  • Difficulty creating an enterprise-wide strategy (37%)

Apart from Australia/New Zealand and Singapore, all countries reported the inability to inventory their crypto assets as a top three concern – after all, you can’t manage what you can’t see. As well, there’s considerable concern over the security of proposed new PQC algorithms, particularly among U.S. and other Western organizations.

Don’t Leave Your Organization PQ Vulnerable

The quantum threat to digital security is an imminent and global challenge. Don’t leave your organization unnecessarily exposed. Assess your PQ-preparedness plan today with this self-assessment and explore our post-quantum cryptography solutions. As well, download a copy of the full 2024 PKI and Post-Quantum Trends Study.

jenn-markey-headshot
Jenn Markey
Advisor, Entrust Cybersecurity Institute
Jenn Markey is a content advisor and thought leader with the Entrust Cybersecurity Institute. Her previous roles with Entrust include VP Product Marketing for the Payments and Identity portfolio and Director Product Marketing for the company’s Identity and Access Management (IAM) business. Jenn brings 25+ years of high tech product management, business development, and marketing experience to the Entrust Cybersecurity Institute with significant expertise in content development and curation.
View all of Jenn's Posts
Facebook