The Quantum Readiness Gap: Why ISACA’s Poll Shows 95% Aren’t Prepared for What’s Coming
Quantum Computing. It’s a term that evokes images of futuristic breakthroughs, solving complex problems currently beyond the reach of even the most powerful supercomputers. Its potential applications in medicine, materials science, and AI are truly revolutionary.
But for those of us in cybersecurity and data protection, Quantum Computing also casts a long, looming shadow. It threatens to break the foundational encryption algorithms that secure virtually all digital transactions, communications, and stored sensitive data today. This isn’t a distant, abstract threat; it’s a tangible risk on the horizon.
That’s why the findings from ISACA’s inaugural Quantum Computing Pulse Poll are so striking – and frankly, concerning. The poll, surveying over 2,600 digital trust, cybersecurity, IT audit, governance, and risk professionals globally, reveals a significant disconnect: While the potential impact of Quantum Computing is profound, a staggering 95% of organizations surveyed do not have a defined quantum strategy in place.
ISACA Board Director Jamie Norton commented that Quantum Computing “just hasn’t had the ground swell of noise that something like AI has had,” despite being “as revolutionary as AI.” Perhaps because there’s no “mini version of Quantum” readily visible, many organizations struggle to grasp its immediate relevance or impending threat. The poll data supports this inertia: 41% do not plan to address quantum computing at this time, and 37% haven’t even discussed it.
Yet, the clock is ticking.
The “Harvest Now, Decrypt Later” Reality
One of the most critical takeaways from the ISACA report, and one that should send shivers down the spine of anyone responsible for sensitive data, is the concern around the “harvest now, decrypt later” threat. 56% of respondents cited this as a worry.
What does this mean? It means that malicious actors, including nation-states, are already stealing and storing vast quantities of encrypted data today – financial records, health information, government secrets, intellectual property – with the explicit intention of decrypting it later, once powerful quantum computers capable of breaking current encryption standards become available.
For organizations holding data that needs to remain confidential for years or even decades, this isn’t a future problem; it’s an attack happening today.
The Post-Quantum Cryptography (PQC) Gap
The good news is that the cybersecurity community, led by bodies like the US National Institute of Standards and Technology (NIST), has been working on developing Post-Quantum Cryptography (PQC) algorithms – new forms of encryption designed to be resistant to attacks from both classical and quantum computers. NIST has been finalising standards, providing a path forward.
The bad news, highlighted by the ISACA poll, is the low level of awareness and preparedness regarding these PQC standards. 44% of respondents had never even heard of the NIST standards, and only 7% claimed a strong understanding.
This lack of knowledge translates directly into a lack of action. Among the small percentage of organizations that have taken steps, only 38% are exploring quantum-safe cryptography. This is the core of the “readiness gap.”
Why Delay is Dangerous
Implementing PQC is not a simple flip of a switch. It requires:
- Assessment: Understanding your data landscape, identifying critical data assets, and evaluating your current cryptographic inventory.
- Planning: Developing a migration strategy, which can be complex, especially in large, distributed environments.
- Implementation & Testing: Integrating new algorithms into systems, applications, and hardware, followed by rigorous testing.
- Skills Development: Training staff on new cryptographic principles and technologies (52% in the poll believe quantum will change skill needs).
This transition will take time – likely several years for most complex organizations. Given that 25% of respondents believe the industry-wide impact will be felt within five years, and 39% within 6 to 10 years, the time to start planning and acting is not negotiable; it is now.
As Mr. Norton rightly states, “Planning needs to start today so by the time 2030 or whenever it is we are at least somewhat prepared.”
Bridging the Gap with Expertise
Addressing the quantum threat and implementing PQC requires deep expertise in cryptography and data security – the kind of expertise that has been foundational to Senetas for decades. We understand the complexities of protecting high-value, sensitive data in transit and at rest.
As organizations begin to navigate the challenge of assessing their cryptographic posture and exploring quantum-safe solutions, partnering with specialists who understand the nuances of high-assurance encryption is critical. We are actively engaged in understanding and preparing for the PQC transition, ensuring that our solutions can evolve to protect your most critical data against both current and future threats, including the “harvest now, decrypt later” risk.
Your Call to Action Starts Today
The ISACA poll is a wake-up call. The quantum threat is real, preparedness is low, and the window for proactive action is closing. Take action now to safeguard your data against the risks of future quantum breaches.
Start your quantum readiness journey today:
- Assess your data: Identify your most sensitive, long-lived data assets vulnerable to “harvest now, decrypt later.”
- Educate your team: Begin building internal awareness and understanding of the quantum threat and PQC concepts.
- Start planning: Discuss the quantum threat at the executive level and begin exploring how PQC will impact your security architecture.
- Seek expertise: Engage with specialists like Senetas who can guide you through the assessment and planning phases for PQC migration.
The time to act is now. Let’s work together to ensure your data remains secure, not just today, but in the quantum future.