Quantum computing is poised to revolutionize many sectors, from defense and healthcare to material science and communications. Yet it is also positioned to disrupt conventional cryptography, threatening the world’s digital economy and upending power dynamics around the globe. This potential for upheaval causes post-quantum cryptography (PQC) to be perceived by some organizations as an existential threat – too big to conceive, let alone prepare for. However, in many ways the post-quantum (PQ) era is already here with “Harvest Now, Decrypt Later” style attacks that target long-life data like financial records and government intelligence.
With that lens, we partnered with Ponemon Institute for the 2024 PKI and Post-Quantum Trends Study, an opportunity to dive into the state of PQ preparedness around the world.
U.S. Leads in PQ Preparedness
Close to half of U.S. organizations (48%) are actively preparing for PQ, higher than the global average of 41% and significantly higher than the 34% in the Middle East. The U.S. also tops the list of organizations that have at least evaluated the potential impact of PQ at 33%. Plus, only 12% of U.S. organizations have not considered the potential PQ threat vs. the global benchmark of 27%. Recognizing that the race for quantum computing supremacy also depends on the availability of PQC standards, the U.S. again leads the way with new NIST standards published.
Getting PQ Prepared
The majority of CISOs know PQ is on the horizon, with 61% of global organizations planning to migrate to PQC within the next five years. For those preparing, the majority are at the crypto strategy build stage (44%), followed by those taking an inventory of their crypto assets and assessing crypto-agility (38%).
Once the decision to migrate is made, the how is relatively consistent across countries with implementation of pure PQC as the most desired global choice at 36%, followed by a hybrid approach combining traditional crypto with PQC favored by 31% of global respondents. Another 26% report testing PQC with their organization’s systems and applications. It should be noted that both the U.S. NSA and UK NCSC guidance favor a pure PQC approach, citing concerns over the cyber risk, overhead, and added complexity associated with a hybrid model.
Navigating the PQ Journey
Globally, the top four concerns that could impede an organization’s successful transition to PQC are:
- An inability to inventory crypto assets (43%)
- Trusting newly proposed PQC algorithms that may not be secure (40%)
- Lack of necessary scale and technologies to support the extra computing power required by new PQC algorithms (38%)
- Difficulty creating an enterprise-wide strategy (37%)
Apart from Australia/New Zealand and Singapore, all countries reported the inability to inventory their crypto assets as a top three concern – after all, you can’t manage what you can’t see. As well, there’s considerable concern over the security of proposed new PQC algorithms, particularly among U.S. and other Western organizations.
Don’t Leave Your Organization PQ Vulnerable
The quantum threat to digital security is an imminent and global challenge. Don’t leave your organization unnecessarily exposed. Assess your PQ-preparedness plan today with this self-assessment and explore our post-quantum cryptography solutions. As well, download a copy of the full 2024 PKI and Post-Quantum Trends Study.