While it may seem that quantum computers belong in the world of science fiction, the reality is that they are a rapidly progressing piece of technology that will have huge impacts across many industries – none more so than security. There is an ever-growing concern over how the emergence of large-scale quantum computers will impact the cybersecurity threat landscape, and what risks this will pose to organisations. The level of preparation that organisations do now will be critical to limit the exposure and vulnerability they have to these threats, making quantum risk planning a priority today.
What does this mean for organisations?
Quantum computers leverage the principles of quantum mechanics to deliver exponentially faster processing power than current classical computers, and the development of this technology is well underway. In 2022, a 66-qubit quantum computer ‘Zuchongzhi 2.1’ solved a problem in 4 hours that would have taken a state-of-the-art supercomputer 48,000 years1. Quantum technology continues to rapidly develop, and IBM are currently on track deliver a 1,121-qubit quantum processor by the end of 20232. The fast-paced development in quantum technology is a direct result of vast global investment in the industry; the World Economic Forum estimates that the total government and business investment in this field reached $35.5 billion globally in 20223. These investment figures show no sign of slowing down, indicating that the development of this technology will only accelerate in the coming years.
As we get closer to the “quantum revolution”, organisations will be able to leverage this unprecedented computational power to optimise a number of security processes including, but not limited to:
- Threat intelligence using enhanced machine learning algorithms to detect threat patterns;
- Identifying and analysing alerts with a reduction in the rate of false positives;
- Vulnerability scanning with improved efficiency in identifying points of weakness in an organisation’s network.
Whilst the vast capabilities of quantum computers will provide many benefits to organisations, the development of this technology also comes with certain risks – the most obvious one being data protection. Quantum computers will be able to brute force their way through many current cryptographic algorithms at an alarming speed, rendering many existing encryption methods ineffective, allowing an attacker to access and exploit sensitive data.
According to the Global Risk Institute’s Quantum Threat Timeline Report, published in December 2022, the majority of experts believe that within 15 years, there is a high probability that quantum computers will be able to break public key cryptography (e.g. RSA-2048) within 24 hours4.
Whilst some industries are more vulnerable to the quantum threat than others, all organisations are required by regulations, such as GDPR, to secure the data they store. Whether that data consists of personal customer information, medical records, or government classified data, a breach of this nature may have catastrophic financial, reputational, or legal consequences. It is possible that organisations are currently unaware of cyber attackers already accessing and storing encrypted company data, with the aim of decrypting it in the future using a quantum computer. It is therefore critical that organisations not only incorporate preparation for the quantum threat in their long-term risk planning, but also begin to strengthen their data protection measures now. This will ensure that sensitive and critical data is protected, minimising the potential impact of these tools once they become available.
What can you do to prepare?
While quantum computing may seem like a far future concept, the technology will have major consequences across cyber security, and may require a period of fast-paced changes to cryptographic methods as attackers compete with security teams to take advantage of the technology and the protections it will both offer and require. NIST is currently working in partnership with industry experts to develop quantum-safe encryption methods. Whilst this is an area that is still undergoing continuous research, quantum-safe solutions do currently exist. Organisations can start to prepare by:
- Gaining a good understanding of their potential risk exposure across their value chain;
- Identifying methods to become more agile in updating and deploying new cryptographic techniques as they become available;
- Creating end of life strategies for data, products, and systems which will become obsolete or unable to support the cyber security requirements of a quantum computing world.
These advancements in quantum technology have already sparked President Biden to sign a new law encouraging federal government agencies to prepare their migration to post-quantum cryptography, and it would be remiss to assume that European regulations will not follow suit5. As local regulators begin to get involved in quantum security, organisations will need to rethink their strategic approach to cyber security, including policy, compliance, and risk management.
As organisations begin to panic, the demand for quantum solutions will skyrocket, and with this increase in demand comes an increased cost, and limited availability of service providers. It is, therefore, recommended that organisations are proactive in quantum risk planning to avoid falling behind the curve with the latest developments. Even with immediate action, it is not guaranteed that these large-scale data migrations will be completed before a large-scale quantum computer is developed.
KPMG can support you by performing a Quantum Risk Assessment on any systems that contain sensitive or critical data to gain a deeper understanding of the threat posed by quantum technology to your organisation. With the help of KPMG, you can make use of the outcomes of this assessment to build out a Cybersecurity Strategy that fully encapsulates preparation for the quantum threat into your long-term risk planning, and that is completely tailored to your organisation’s needs, prioritising your data and systems that are most at risk.
For more information on how we can help you prepare for the quantum threat, please reach out to one of the following contacts:
Tim Fletcher | KPMG UK