5 principles to accelerate your organization’s quantum cyber readiness

To mitigate systemic threats to the global economy, the quantum computing revolution requires changes to how organizations secure data and communications. In the future, sufficiently powerful quantum computers will be able to disrupt businesses by breaking some of the cryptographic foundations used to protect vast amounts of data and transactions. Dealing with this risk will require organizations to adopt quantum-secure technologies, which will likely be a complex and time-intensive undertaking. The time to act is now, but many leaders do not know where to start.

The attention paid to managing this quantum risk is ramping up across the globe. For example in Europe, the French and German cybersecurity agencies have taken positions on how to help mitigate this danger. The United States is probably the furthest ahead, though. It has begun formalizing its stance with a series of federal actions published over the last couple of years: most notably, last year’s memorandum of the Office of Management and Budget (OMB) requiring federal agencies to create a prioritized inventory of information systems that use cryptography vulnerable to quantum computers.

A recent report shows that these activities are still a work in progress, most notably due to the endemic nature of cryptography today, which highlights some of the challenges that large global organizations will face as they prepare to become quantum-secure.

In 2021, the World Economic Forum, in collaboration with Deloitte, embarked on an initiative to help organizations prepare for their quantum-readiness journey. In 2022, they developed the Transitioning to a Quantum-Secure Economy white paper, which offers leaders guidance on enabling a secure transition to the quantum economy.

The latest milestone in this collective initiative is the creation of the Quantum Readiness Toolkit, which expands on the guidelines and is enriched with insights from global industry leaders. The five high-level principles provide more detailed suggested activities that are based on the quantum readiness framework established in the original white paper. This new resource helps organizations assess their quantum security awareness and prioritize next steps for quantum readiness.

To successfully implement these principles, several things are key. Firstly, leaders and teams need to be aware of how mitigating quantum risk is an essential step for future-oriented and resilient organizations. Without sufficient awareness and support, quantum security transformations are bound to fall short of their goals. Secondly, leaders must recognize there is no “quick fix”. They must invest in people, process and technology to have a comprehensive and effective answer to quantum risk. But what is most important is that the time to act is now. The quantum threat may feel distant; but the longer organizations wait, the greater the risk of running out of time. Preparing now might benefit organizations’ cyber resilience in other ways as well.

It is important that leaders remain engaged and committed to act on quantum risk. The ecosystem can support them in doing so. Narrowing down a overwhelming problem to an overview of concise and tangible steps for leaders to take will make things easier. Integrating quantum cyber readiness requirements into existing cybersecurity frameworks, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, may also help, since that is often the language that security leaders already speak. But in the end, it is essential that organizations such as the World Economic Forum keep disseminating insights and guidance to demystify quantum risk and to promote worldwide action. The Quantum Readiness Toolkit is another important step in this direction, and others will surely follow.