Introduction
The advent of quantum computing poses a significant threat to current encryption standards, with many businesses yet to adopt post-quantum cryptography (PQC) despite the looming risks. A recent survey highlights the gap between awareness and preparedness among organizations, emphasizing the need for proactive measures to safeguard encrypted data against future quantum threats.
Description
The majority of businesses in the US, UK, and Australia have not yet deployed post-quantum cryptography (PQC) [1] [3], even though 69% of organizations anticipate that quantum computing could compromise current encryption standards within five years, according to a recent survey by DigiCert [1] [3]. The survey included around 1000 senior and C-level cybersecurity managers [1] [3], with nearly half representing companies with over 1000 employees. Alarmingly, only 5% reported having implemented quantum-safe encryption measures, while 38% felt “very prepared” and 19% considered themselves “extremely prepared” for the threats posed by cryptographically relevant quantum computers (CRQCs) [1] [3], which can solve the mathematical problems underpinning modern asymmetric encryption [3]. Additionally, 46.4% of respondents indicated that a significant portion of their encrypted data is at risk [4], highlighting a considerable gap between awareness of quantum threats and actual preparedness.
Experts warn that the quantum threat may already be present, raising concerns about “store now decrypt later” (SNDL) attacks [1] [3], where attackers collect encrypted data for future decryption when CRQCs become available [3]. The National Cyber Security Centre (NCSC) has indicated that adapting to PQC may take a decade [1] [3], emphasizing the complexity of the transition [1]. Larger enterprises in critical sectors are urged to begin planning for quantum safety [1] [3], as the necessary changes are likened to the challenges of addressing the Millennium Bug [1].
DigiCert outlines four essential steps for organizations to enhance their security posture against post-quantum cyberattacks and develop a quantum readiness plan:
- Inventory cryptographic assets, prioritize them based on criticality, and determine which need upgrading or replacement [1] [3].
- Focus on replacing long-term trusted encryption algorithms [1] [3], particularly those used for roots of trust and firmware in long-lived IoT devices [3].
- Explore and test the integration of PQC algorithms into existing systems; cryptographic libraries and security software are beginning to incorporate these algorithms now [3].
- Achieve crypto-agility by gaining comprehensive visibility into cryptographic environments and establishing methods for deploying encryption technologies and responding swiftly to security issues [3].
Kevin Hilscher from DigiCert characterizes the shift to PQC as an “inflection point” in enterprise security [1], recommending that organizations start their quantum readiness plans with asset discovery, risk assessment, and the establishment of crypto-agility [1] [2] [4]. Dr. Jim Goodman, CTO at Crypto4A [2] [4], emphasizes that migrating to PQC is a foundational shift requiring cross-functional coordination and hardware upgrades. He underscores the importance of proactive management of crypto assets to ensure a secure digital future, highlighting the urgency for organizations to take early action in developing their quantum readiness plans.
Conclusion
The transition to post-quantum cryptography is not merely a technical upgrade but a strategic imperative for organizations aiming to secure their digital assets against future threats. As quantum computing capabilities advance, the potential for current encryption methods to be rendered obsolete becomes increasingly likely. Organizations must prioritize the development of quantum readiness plans, focusing on inventorying and upgrading cryptographic assets, integrating PQC algorithms [1], and achieving crypto-agility [1] [3]. Proactive measures today will mitigate risks and ensure a secure digital future in the face of quantum advancements.
References
[1] https://ciso2ciso.com/just-5-of-enterprises-have-deployed-quantum-safe-encryption-source-www-infosecurity-magazine-com/
[2] https://www.globenewswire.com/news-release/2025/05/08/3077339/0/en/Quantum-Readiness-Gap-DigiCert-Study-Finds-Just-5-of-Enterprises-Have-Quantum-Safe-Encryption-in-Place.html
[3] https://www.infosecurity-magazine.com/news/just-5-enterprises-quantumsafe/
[4] https://www.digicert.com/news/quantum-readiness-gap-a-digicert-study-on-quantum-safe-encryption