Latest news with #JamieNorton
Techday NZ
30-04-2025
- Business
- Techday NZ
Majority unprepared for quantum computing's security risks
Most organisations remain unprepared for the security and business implications of quantum computing, despite growing concerns among professionals about the potential risks it poses to current encryption methods, according to recent research from ISACA. The ISACA Quantum Computing Pulse Poll, which surveyed more than 2,600 professionals in fields such as digital trust, cybersecurity, IT audit, governance and risk, found that while awareness of quantum computing's transformative potential is increasing, concrete planning and readiness measures are largely absent from organisational agendas. According to the poll, 62% of technology and cybersecurity professionals are concerned that quantum computing could break today's internet encryption, raising the possibility of vulnerabilities in digital signatures, websites, utilities and medical records. However, just 5% of respondents said that their organisation considers quantum computing a high priority for near-term planning, and only 5% report having a defined strategy for it. Jamie Norton, ISACA Board Director, highlighted the accelerating pace of quantum computing and the significant implications for sectors that handle large volumes of sensitive data. He said, "Too many Australian and New Zealand organisations remain in reactive mode and underestimate quantum computing's potential to break existing encryption. Now is the time to assess whether you have the expertise to implement post-quantum cryptography solutions and start building internal capability. This is essential to mitigate its impact and protect sensitive data, maintain customer trust and ensure long-term business resilience." The research underscores that many see potential for quantum technology to drive major advancements. Sixty-three percent of respondents expect quantum computing to significantly speed up computational tasks or data analysis, and 46% anticipate that it will lead to revolutionary innovation. Nearly half (48%) are optimistic about the impact quantum computing could have within their sector. At the same time, respondents are alert to new risks, with 63% saying quantum computing will increase or shift cybersecurity risks. More than half (57%) believe it will create new business risks, 52% expect that it will change the skill sets required by businesses, and 50% foresee challenges around regulation and compliance. Among participants from Oceania, concern was even higher across all these areas by at least 10 percentage points. A total of 62% of respondents expressed concern that quantum computing could break current internet encryption before new, quantum-resistant algorithms have been fully implemented. More than half (56%) cited fears around the so-called "harvest now, decrypt later" threat, whereby data is stolen now with the intention of decrypting it using quantum computers in the future. Despite a quarter of poll respondents believing that quantum computing will have an industry-wide impact within five years, and 39% saying they expect it in six to ten years, many organisations are taking a wait-and-see approach. Forty-one percent report no plans to address quantum computing at this time and 40% are not aware of their company's intentions regarding quantum issues. When questioned on the role of quantum computing in their current technology strategies, only 15% indicated it was on a long-term roadmap, while 19% had discussed it in some form but made no formal plans, and 37% had not discussed it at all. Nearly a quarter (24%) were unsure of their organisation's view on the matter. The poll findings also point to significant knowledge gaps. Only 7% of respondents claimed to have a strong understanding of the new post-quantum cryptography standards developed by the US National Institute of Standards and Technology (NIST), while 44% said they had never heard of them. Many organisations have yet to take decisive action to prepare for quantum computing. More than half (55%) have not started any preparatory steps. Of those that have, actions cited include: assessing regulatory or compliance implications (46%); exploring quantum-safe cryptography (38%); collaborating with quantum hardware or software providers (28%); training staff (27%); and investing in research and proof-of-concept initiatives (27%). The poll also found that 30% of global cyber and IT professionals do not feel they have a good understanding of quantum computing's capabilities, highlighting the need for training and skills development in this area. Rob Clyde, chairman, Crypto Quantique, and past ISACA board chair, advised that organisations begin preparing now. He said, "Start by 1) identifying where encrypted data are stored and devices that use encryption, 2) developing a plan to transition to post-quantum cryptography prioritising critical data and systems, and 3) continuously monitoring for updated software and firmware with post-quantum cryptography. Waiting until quantum computing is here is too late, especially given today's harvest-now, decrypt-later threat."
Business Wire
28-04-2025
- Business
- Business Wire
Despite Rising Concerns, 95% of Organizations Lack a Quantum Computing Roadmap, ISACA Finds
SCHAUMBURG, Ill.--(BUSINESS WIRE)--While 62 percent of technology and cybersecurity professionals are worried that quantum computing will break today's internet encryption, only 5 percent say it's a high priority for the near future, and just 5 percent say their organizations have a defined quantum computing strategy, according to new research from ISACA's global Quantum Computing Pulse Poll. Despite rising concerns, 95% of organizations lack a quantum computing roadmap, ISACA finds. Share More than 2,600 global professionals in digital trust, cybersecurity, IT audit, governance and risk were surveyed in this inaugural ISACA poll on the perceptions and preparations around quantum computing. Potential for both transformation and risk Quantum computing has revolutionary potential; however, there are also clear concerns about the risks it presents. Nearly half (48 percent) are very or somewhat optimistic about quantum computing's impact in their sector/industry, 63 percent believe it will speed up computational tasks or data analysis significantly, and 46 percent say it will create revolutionary innovations. However, many anticipated outcomes of quantum require significant preparation. Sixty-three percent say quantum will increase or shift cybersecurity risks and 57 percent say it will create new business risks. Poll respondents (62 percent) are worried about quantum computing breaking today's internet encryption before browsers and websites fully implement the new post quantum cryptography algorithms approved by National Institute of Standards and Technology (NIST) standards. They are also focused on the potential for cybercriminals to start collecting encrypted data now and decrypt it once quantum computing becomes viable—with 56 percent citing the practice, known as 'harvest now, decrypt later,' as a concern. 'Many organizations underestimate the rapid advancement of quantum computing and its potential to break existing encryption,' says Jamie Norton, ISACA board director. 'They need to start examining whether they have the expertise to implement post-quantum cryptography solutions now, to ensure they are able to effectively mitigate its impacts.' Despite expected impacts, planning continues at a slow pace It appears many organizations have not yet mobilized to prepare for these coming changes. Forty percent are not aware of their company's plans, and 41 percent say they do not plan to address quantum computing at this time—even though 25 percent believe that the transformative potential of quantum computing will be realized on an industry-wide scale within the next five years, and 39 percent feel it will happen in six to 10 years. When asked about how their organization views quantum computing within its current technology or innovation strategy: 5 percent consider it a high priority for near-term planning 15 percent say it is on their long-term roadmap but not a near-term priority 19 percent say they have discussed it but not made any formal plans 37 percent have not discussed quantum computing at all 24 percent don't know Additionally, only 7 percent of the poll respondents say they have a strong understanding of the new NIST standards, even though NIST has been working on them for more than 10 years. Forty-four percent admit they have never heard of them. Taking action, prioritizing quantum skills More than half (55 percent) of enterprises have not taken steps to prepare for quantum computing. Additionally, a third of global cyber and IT professionals (30 percent) do not have a good understanding of the capabilities of quantum computing, indicating there is work to do to upskill and educate those working in the IT sector to have a skilled workforce ready for the advent of quantum. Rob Clyde, chairman, Crypto Quantique, and past ISACA board chair, notes that digital trust professionals should educate stakeholders about quantum computing risks and the urgent need for post-quantum solutions. 'Start by 1) identifying where encrypted data are stored and devices that use encryption, 2) developing a plan to transition to post-quantum cryptography prioritizing critical data and systems, and 3) continuously monitoring for updated software and firmware with post-quantum cryptography,' said Clyde, who is presenting on this topic at the ISACA North America Conference in May. 'Waiting until quantum computing is here is too late, especially given today's harvest-now, decrypt-later threat.' Learn more about ISACA'S Quantum Computing Pulse Poll at About ISACA For more than 55 years, ISACA ® ( has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members' careers. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals.
