The 2019 DigiCert Post Quantum Crypto (PQC) Survey finds that IT professionals are placing increased emphasis, and budget, on protecting their infrastructure from the threats of quantum computing using Post Quantum Cryptography. Is this alone enough?
If you’ve been keeping up-to-date with our quantum computing market reports, you’ll see that quantum technologies are progressing at an ever-quicker rate. Indeed, hardly a day goes by without news of breakthroughs, studies or partnerships.
Throughout the year, we’ve also seen a conscious effort by industry bodies – large and small – to increase awareness of both the benefits and threats of quantum computing; especially among business leaders and IT professionals.
So how does the IT community view quantum computing, and what are they doing to ready themselves for the post-quantum age? This is a question that DigiCert, a US-based technology company that offers cryptography solutions for the web, has sought to answer in its 2019 PQC Survey.
The survey produced three key findings:
IT professionals are aware of PQC, but not of its intricacies
The results of the survey’s first section were somewhat mixed, with the authors suggesting that there is some ‘early stage confusion’ amongst professionals. While 71% of respondents said that they were “somewhat” to “completely” aware of what Post Quantum Cryptography is when asked, only 63% chose the correct description of what PQC was.
They are aware of quantum computing’s threat to cryptography
The survey has shown that IT “clearly sees the threat that quantum computing poses to cryptography”, with 55% of respondents saying that its threat is “somewhat” to “extremely” large today, while 71% agree that this is the case for the future.
How close is ‘the future’? Responses suggest that IT teams believe that quantum computing will be able to crack existing cryptographic algorithms as early as 2022 (with a median of 18%), while 26% say 2025 or later.
Either way, professionals expect the technology to take effect during their time at their current organisations. It’s no wonder that eight out of ten respondents also say that it is “somewhat to extremely important for IT to learn about quantum-safe security practices”.
Enterprises are beginning to prepare for PQC
With IT professionals aware of the threats quantum computing poses to current cryptographic standards, and with an understanding of Post Quantum Cryptography, it’s also encouraging that the survey has found that enterprises are actively preparing for PQC.
Currently, just over a third of responding organisations (35%) have indicated that they have a PQC budget, while 56% are in budget discussions. When it comes to the size of these budgets, the majority of respondents (59%) either have, or expect to have, a “somewhat” to “extremely” large budget for PQC.
The importance of Quantum-Safe Security
While the survey itself focusses on Post Quantum Cryptography specifically, it does note that “PQC isn’t the full answer”. Indeed, organisations need to focus on scoping and implementing a rounded quantum-safe security strategy, featuring technologies such as Quantum Key Distribution (QKD), which can protect against both classical and quantum attacks, ensuring forward secrecy.
In addition, QKD is commercially available today and can be combined with PQC (upon its release) to provide security across a range of different applications.
Finally, and as echoed by this survey’s findings, it’s of paramount importance that IT teams plan, budget and begin to implement their quantum-safe security strategy today. Infrastructure and other technologies, such as IoT devices and autonomous vehicles, that are being put into service today will still be active when quantum computing is mainstream. Can enterprises really afford to have their networks and devices vulnerable?
You can read the DigiCert 2019 PQC Survey in full here.
About the survey
DigiCert commissioned ReRez Research to survey IT professionals who work within 400 enterprises (with 1000+ employees) in the US, Germany and Japan. Of the respondents, 38% were IT Directors, 26% were IT generalists, 20% worked within IT security and 16% were ‘other’.
The survey focussed on the finance, healthcare, transportation and ‘industrial’ industries. While the methodology in the main report doesn’t explain why these industries were chosen, we suspect that it was due to the sensitive nature of their work and ongoing security threats that are posed to them.