- Many business leaders are unprepared for the cybersecurity risk posed by quantum computers.
- National cybersecurity agencies across the globe are beginning to take positions on the quantum threat.
- The World Economic Forum and Deloitte have formulated a list of five principles to ensure quantum readiness in business.
To mitigate systemic threats to the global economy, the quantum computing revolution requires changes to how organizations secure data and communications. In the future, sufficiently powerful quantum computers will be able to disrupt businesses by breaking some of the cryptographic foundations used to protect vast amounts of data and transactions. Dealing with this risk will require organizations to adopt quantum-secure technologies, which will likely be a complex and time-intensive undertaking. The time to act is now, but many leaders do not know where to start.
The attention paid to managing this quantum risk is ramping up across the globe. For example, in Europe, the French and German cybersecurity agencies have taken positions on how to help mitigate this danger. The United States is probably the furthest ahead, though. It has begun formalizing its stance with a series of federal actions published over the last couple of years: most notably, last year’s memorandum of the Office of Management and Budget (OMB) requiring federal agencies to create a prioritized inventory of information systems that use cryptography vulnerable to quantum computers.
A recent report shows that these activities are still a work in progress, most notably due to the endemic nature of cryptography today, which highlights some of the challenges that large global organizations will face as they prepare to become quantum secure.
5 guiding principles for quantum cybersecurity
In 2021, the World Economic Forum, in collaboration with Deloitte, embarked on an initiative to help organizations prepare for their quantum-readiness journey. In 2022, they developed the Transitioning to a Quantum-Secure Economy white paper, which offers leaders guidance on enabling a secure transition to the quantum economy.
Guiding principles to ensure the quantum-secure transition. Image: World Economic Forum/Deloitte
The latest milestone in this collective initiative is the creation of the Quantum Readiness Toolkit, which expands on the guidelines and is enriched with insights from global industry leaders. The five high-level principles provide more detailed suggested activities that are based on the quantum readiness framework established in the original white paper. This new resource helps organizations assess their quantum security awareness and prioritize next steps for quantum readiness.
- Ensure the organizational governance structure institutionalizes quantum risk. Defining clear goals and responsibilities and making your leaders care is essential to a successful transformation.
- Raise quantum-risk awareness throughout the organization. Leaders, security experts and risk managers need to know what quantum risk is and how it will affect them.
- Treat and prioritize quantum risk alongside existing cyber-risks. A structured and cohesive risk-management approach helps build resiliency towards emerging risks.
- Make strategic decisions for future technology adoption. Leverage this opportunity to transform your technology landscape to one that enables you to be “crypto agile”.
- Encourage collaboration across ecosystems. Work together with partners to jointly identify systemic risks and mitigate them.
To successfully implement these principles, several things are key. Firstly, leaders and teams need to be aware of how mitigating quantum risk is an essential step for future-oriented and resilient organizations. Without sufficient awareness and support, quantum security transformations are bound to fall short of their goals. Secondly, leaders must recognize there is no “quick fix”. They must invest in people, process and technology to have a comprehensive and effective answer to quantum risk. But what is most important is that the time to act is now. The quantum threat may feel distant; but the longer organizations wait, the greater the risk of running out of time. Preparing now might benefit organizations’ cyber resilience in other ways as well.
It is important that leaders remain engaged and committed to act on quantum risk. The ecosystem can support them in doing so. Narrowing down a overwhelming problem to an overview of concise and tangible steps for leaders to take will make things easier. Integrating quantum cyber readiness requirements into existing cybersecurity frameworks, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, may also help, since that is often the language that security leaders already speak. But in the end, it is essential that organizations such as the World Economic Forum keep disseminating insights and guidance to demystify quantum risk and to promote worldwide action. The Quantum Readiness Toolkit is another important step in this direction, and others will surely follow.
This article first appeared on the World Economic Forum.