Research from Bain & Company reveals a troubling trend among business executives: 90% admit they do not have a security plan addressing the impending threats posed by quantum computing. With the technology rapidly approaching a tipping point, the potential for malicious actors to breach encrypted data is becoming alarmingly real.
According to Bain’s findings, a significant 71% of surveyed executives believe that quantum-enabled attacks could materialize within five years, while a third anticipate these threats could emerge even sooner, within three years. Despite this urgency, many businesses remain unprepared. The report highlights that the transition to quantum-resistant solutions could take organizations up to five years to implement fully.
Challenges in Transitioning to Quantum Security
Bain’s analysis indicates that organizations will face numerous hurdles in adapting to the quantum landscape. These include identifying vulnerable systems, upgrading cryptographic infrastructure, and aligning with evolving standards. The firm expressed concerns, stating that organizations heavily reliant on legacy systems may be particularly at risk, making them more appealing targets for cybercriminals.
The report emphasizes the need for swift action, urging business leaders to prioritize preparations rather than delaying for years. A company blog post noted, “Boards and executives should prioritize and resource the necessary work to guard against this rising threat before it’s too late.”
Industry Awareness and Existing Initiatives
Despite the lack of preparedness, Bain found that nearly 65% of IT and cybersecurity leaders recognize the risks associated with quantum computing and anticipate its negative impact on cybersecurity. Some companies are beginning to take proactive measures to strengthen their defenses.
For instance, Cloudflare has collaborated with Google to enhance quantum security for the web, particularly focusing on post-quantum cryptography (PQC). Additionally, Viavi Solutions is working on frameworks and reference architectures to implement quantum-safe security across telecommunications and enterprise networks.
Bain’s findings echo previous studies, including a survey conducted by ISACA in May 2023, which revealed that 62% of 2,600 global IT and cybersecurity professionals expressed concern over quantum computing’s ability to compromise encryption. Interestingly, just over half, 57%, acknowledged it would introduce new business risks.
Despite this awareness, ISACA’s report highlighted a lack of action. Around 40% of respondents were unaware of their organization’s plans regarding quantum threats, while 41% had no strategies in place to mitigate potential risks. Alarmingly, only 5% of respondents viewed addressing quantum threats as a high priority for the near future, even with a quarter of them predicting quantum’s widespread implementation within five years.
Rob Clyde, former chair of ISACA’s board and current chairman of Crypto Quantique, stressed the urgency of addressing these issues. He wrote, “If we don’t move now to start solving issues like re-encrypting our data, switching to new digital signatures and moving our systems over to new algorithms, we are creating problems that will become increasingly difficult to address.”
As the threat of quantum computing becomes more tangible, organizations must act decisively to safeguard their systems and data. The time for planning is now, not in the distant future.
