error
Subscriptions are not available for this site while you are logged into your current account.
close
Skip to main content
Submit RFP

      Much like Artificial Intelligence (AI) a decade ago, quantum computing is a field brimming with promise, uncertainty, and, for many executives, confusion. The critical question on every board's mind is: Should we worry about Quantum? If not now, when?

      The immediate answer from industry experts is a resounding "now." Analysts estimate the economic impact of quantum computing could reach trillions by the mid-2030s. Research from ISACA's global Quantum Computing Pulse Poll reveals a significant concern: while 62% of technology and cybersecurity professionals fear quantum computing could break current internet encryption standards, only 5% consider it a high priority or have a defined strategy. This shows a significant gap between technology advances and business preparedness.

      Neil-Coutts
      Neil Coutts

      Director, Cyber Security

      KPMG in the UK

      What is Quantum Computing?

      Quantum computing is a revolutionary field that harnesses the principles of quantum mechanics to process information in fundamentally different ways compared to classical computing. While traditional computers use bits (0 or 1), quantum computers use quantum bits, or qubits. These qubits can exist in multiple states simultaneously due to superposition and entanglement, allowing them to process exponentially more values in parallel than classical bits. For instance, a 20-qubit quantum computer can process over one million values in parallel.

      Currently, we are in the Noisy Intermediate-Scale Quantum (NISQ) era. Quantum computers at this stage experience errors and reliability challenges due to decoherence, a process in which qubits lose their quantum state because of external noise.

      What does this mean for business?

      Quantum computing has the potential to solve complex problems much faster, more cost effectively and more accurately than classical computers. However, it’s crucial to understand that quantum computers are designed to complement traditional systems, not replace them, by tackling specific, niche issues. They do not provide universal acceleration; only specific types of problems benefit, particularly those involving massive optimisation, factorisation, or simulation.

      What industries might benefit?

      The enhanced capabilities of QC are expected to enable novel, previously unfeasible applications. When combined with advancements in AI, QC will significantly drive progress in AI. The potential impacts are extensive, offering considerable benefits across multiple industries:

      • Finance

        Quantum computing can lead to better portfolio optimisation, improved risk modelling, and advanced currency arbitrage. Firms like Goldman Sachs and QC Ware are already exploring Monte Carlo simulations, aiming for a tenfold performance increase in financial calculations.

      • Pharmaceuticals/Life Sciences

        Quantum simulation offers faster drug discovery by simulating molecules. Cleveland Clinic partnered with IBM to explore quantum applications in genomics, single-cell transcriptomics, and drug discovery.

      • Logistics/Mobility

        Quantum computing can optimise shipping routes, traffic flow, and public transportation. Volkswagen used quantum computing to optimise taxi routes in Beijing and coordinate city buses in Lisbon, while Ford and Microsoft explored using quantum-classical hybrid algorithms to reduce traffic congestion by 73%.

      • Manufacturing

        D-Wave’s quantum-optimisation offering is already in production and used by Ford Otosan to streamline manufacturing processes.

      • Cybersecurity

        While quantum computing poses a significant threat to current encryption, it also presents an opportunity for Post-Quantum Cryptography (PQC) and other use cases such as Quantum Key Distribution (QKD).

      • Energy

        Quantum technology can aid in discovering new clean energy sources, improving electric grid management, and enhancing climate change modelling.

      When should boards act?

      Organisations must act now to prepare for the immense computational power of quantum computing. The US government mandated a transition to post-quantum cryptography (PQC) by 2035 for all federal systems, the Canadian government has recently published a similar 2035 target, and the EU have just released a timeline for critical infrastructures to complete transition by 2030. Regulatory bodies and industry standards are likely to follow suit, making early preparation less disruptive and expensive.

      In the UK, the National Cyber Security Centre (NCSC) has provided a similar timeline for transition:

      • By 2028: Define migration goals, conduct a full discovery exercise, and build an initial migration plan.
      • By 2031: Carry out early, highest-priority PQC migration activities and refine the plan for a thorough roadmap.
      • By 2035: Complete migration to PQC for all systems, services, and products.

      The cost of inaction

      Organisations that treat quantum computing as a distant concern risk significant penalties, including security vulnerabilities and competitive disadvantages. Boards must consider several factors:

      important_devices

      Infrastructure

      Leveraging quantum computing capabilities will require substantial investments in organisational knowledge, hardware and software development.

      security

      Data Security

      One of the most significant threats is that quantum computers could break current encryption systems such as RSA and ECC which are commonly used in most organisations. This leads to the "Store-Now-Decrypt-Later" threat, where malicious actors stockpile encrypted data for future decryption. Post-Quantum Cryptography (PQC) offers cryptographic methods designed to withstand quantum attacks, relying on complex mathematical problems.

      donut_small

      Compatibility

      The integration of PQC algorithms will be complex and require significant coordinated effort across the enterprise to ensure a successful transition. This is not just an IT or cybersecurity issue; it affects all parts of the business. The different performance characteristics will require adjustments to processing speed and resource allocation. PQC also uses different data formats, key sizes, and key management practices. This can involve significant modifications, including network configuration changes, code updates, or even hardware upgrades.

      precision_manufacturing

      Supply Chain Security

      Even if your organisation doesn't directly use quantum computing, compromised suppliers or partners due to a quantum attack can have a ripple effect, underscoring the need to manage third party risks.

      account_balance

      Quantum Regulations

      Regulatory frameworks will evolve, and organisations should proactively prepare for new compliance requirements, e.g. NIST's Post-Quantum Cryptography standards.

      handshake

      Investor Relations

      Private and public investors are pouring billions into quantum technology, indicating growing confidence in its measurable value. Demonstrating quantum readiness can enhance investor confidence and attract investment.

      How KPMG can help

      Ultimately, in today’s densely digitised commerce landscape, there’s no change that will leave a retailer invulnerable to cyber-attacks.

      It’s why any robust retail cyber strategy should also incorporate regular practice runs, with simulated attacks to test both defences and various teams on how they would (and should) respond. Doing so can “build muscle memory which can mean the difference between a chaotic and a well-co-ordinated response” should an attack occur, says Fletcher.

      But by recognising cyber security as the core, shared responsibility it is in today’s modern grocery landscape – rather than the sole domain of an overburdened security team – senior leadership can ensure everyone can play their part in fending off the next attack.

      Assessing your organisation's quantum readiness: A critical first step

      So, how do you know if your organisation is ready for the quantum era?

      It starts with a comprehensive assessment of your current capabilities and vulnerabilities. Consider these key areas:

      Map out when regulation or quantum computers might threaten your security infrastructure and when quantum advantages might emerge in your sector, keeping in mind the NCSC goal to transition systems to PQC by 2035.

      • Inventory All Encryption Systems: Identify encryption type, key length, specific use, and distinguish between vendor-supplied and custom software for every device, system, platform, and vendor.

      • Prioritisation: Prioritise mitigation efforts based on a combined risk assessment and timeline analysis, considering the potential financial, reputational, and operational consequences of a successful attack, as well as the lifespan of the data and its susceptibility to attack.

      Evaluate the quantum-readiness of existing infrastructure, considering computational resources, algorithmic compatibility, and potential performance impacts.

      Address the severe and growing global shortage of quantum expertise. Encourage building quantum capabilities, including forming dedicated teams and providing education. The European Competence Framework for Quantum Technology can be a valuable reference for skills and job profiles.

      No company will build quantum capabilities in isolation. Strategic partnerships with quantum computing companies (like IBM, Google, Microsoft offering cloud services), research institutions, and cloud providers are essential.

      Conducting a comprehensive quantum risk assessment is crucial to identify vulnerabilities and opportunities, helping you prioritise efforts and allocate resources effectively.

      Final Word

      Although the exact timeline may be uncertain, change is inevitable. Organisations that prepare now will be best positioned to mitigate the risks and capitalise on the opportunities that quantum computing presents. This is not just a technological challenge; it's a strategic imperative for ensuring resilience, security, and competitive advantage in an era of rapid technological change. Proactive organisations can gain a competitive edge.

      The time to act is now.

      KPMG’s team of quantum and cyber security specialists help you assess and remediate your quantum risks and align with current and upcoming regulations to protect your organisation against emerging threats and gain a competitive edge.

      Contact us to learn more.

      Quantum cyber security risk | Preparation & planning

      Our people

      Neil-Coutts
      Neil Coutts

      Director, Cyber Security

      KPMG in the UK

      bharat-bhushan
      Bharat Bhushan

      Partner and CTO, Consulting

      KPMG in the UK

      Our technology insights

      Something went wrong

      Oops!! Something went wrong, please try again

      Get in touch

      Read enough? Get in touch with our team and find out why organisations across the UK trust us to make the difference.

      Contact us
      Person smiling whilst using a mobile phone