Despite Rising Concerns, 95% of Organizations Lack a Quantum Computing Roadmap, ISACA Finds

SCHAUMBURG, Ill.--(BUSINESS WIRE)--While 62 percent of technology and cybersecurity professionals are worried that quantum computing will break today’s internet encryption, only 5 percent say it’s a high priority for the near future, and just 5 percent say their organizations have a defined quantum computing strategy, according to new research from ISACA’s global Quantum Computing Pulse Poll.

Despite rising concerns, 95% of organizations lack a quantum computing roadmap, ISACA finds.

Share

More than 2,600 global professionals in digital trust, cybersecurity, IT audit, governance and risk were surveyed in this inaugural ISACA poll on the perceptions and preparations around quantum computing.

Potential for both transformation and risk
Quantum computing has revolutionary potential; however, there are also clear concerns about the risks it presents. Nearly half (48 percent) are very or somewhat optimistic about quantum computing’s impact in their sector/industry, 63 percent believe it will speed up computational tasks or data analysis significantly, and 46 percent say it will create revolutionary innovations. However, many anticipated outcomes of quantum require significant preparation. Sixty-three percent say quantum will increase or shift cybersecurity risks and 57 percent say it will create new business risks.

Poll respondents (62 percent) are worried about quantum computing breaking today’s internet encryption before browsers and websites fully implement the new post quantum cryptography algorithms approved by National Institute of Standards and Technology (NIST) standards. They are also focused on the potential for cybercriminals to start collecting encrypted data now and decrypt it once quantum computing becomes viable—with 56 percent citing the practice, known as “harvest now, decrypt later,” as a concern.

“Many organizations underestimate the rapid advancement of quantum computing and its potential to break existing encryption,” says Jamie Norton, ISACA board director. “They need to start examining whether they have the expertise to implement post-quantum cryptography solutions now, to ensure they are able to effectively mitigate its impacts.”

Despite expected impacts, planning continues at a slow pace
It appears many organizations have not yet mobilized to prepare for these coming changes. Forty percent are not aware of their company’s plans, and 41 percent say they do not plan to address quantum computing at this time—even though 25 percent believe that the transformative potential of quantum computing will be realized on an industry-wide scale within the next five years, and 39 percent feel it will happen in six to 10 years.

When asked about how their organization views quantum computing within its current technology or innovation strategy:

• 5 percent consider it a high priority for near-term planning
• 15 percent say it is on their long-term roadmap but not a near-term priority
• 19 percent say they have discussed it but not made any formal plans
• 37 percent have not discussed quantum computing at all
• 24 percent don’t know

Additionally, only 7 percent of the poll respondents say they have a strong understanding of the new NIST standards, even though NIST has been working on them for more than 10 years. Forty-four percent admit they have never heard of them.

Taking action, prioritizing quantum skills
More than half (55 percent) of enterprises have not taken steps to prepare for quantum computing. Additionally, a third of global cyber and IT professionals (30 percent) do not have a good understanding of the capabilities of quantum computing, indicating there is work to do to upskill and educate those working in the IT sector to have a skilled workforce ready for the advent of quantum.

Rob Clyde, chairman, Crypto Quantique, and past ISACA board chair, notes that digital trust professionals should educate stakeholders about quantum computing risks and the urgent need for post-quantum solutions. “Start by 1) identifying where encrypted data are stored and devices that use encryption, 2) developing a plan to transition to post-quantum cryptography prioritizing critical data and systems, and 3) continuously monitoring for updated software and firmware with post-quantum cryptography,” said Clyde, who is presenting on this topic at the ISACA North America Conference in May. “Waiting until quantum computing is here is too late, especially given today’s harvest-now, decrypt-later threat.”

Learn more about ISACA’S Quantum Computing Pulse Poll at www.isaca.org/quantum-pulse-poll.

About ISACA
For more than 55 years, ISACA^® (www.isaca.org) has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members’ careers. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals.