Businesses in all industries are extremely vulnerable to quantum computing attacks, with a new report from the Trusted Computing Group (TCG) finding that 91% of security professionals within the USA and Europe have no formal post quantum cryptography (PQC) roadmap in place.

While many experts now expecting a quantum device capable of breaking today’s encryption methods to be ready between 2030-2035, 81% of the same professionals surveyed for the TCG’s State of PQC Readiness report also believe that their current crypto-libraries and hardware security modules are not ready for PQC migration, putting personal and sensitive data at risk across all sectors.

“Our State of PQC Readiness report is a clear indication that PQC preparations need to be accelerated,” said TCG President Joe Pennisi. “As organizations like NIST and NCSC continue to approve PQC standards and set out their own roadmaps for full integration, it’s not enough for security professionals to just understand the quantum threat landscape, but actively take steps to mitigate it.”

Quantum computers, using algorithms such as Shor’s, will be able to efficiently solve complex mathematical problems that make current public-key cryptography measures like Rivest-Shamir-Adleman (RSA) so secure. The threat still looms large over businesses today however, as hackers can still execute ‘harvest now, decrypt later’ attacks, where current encrypted data is stolen now in order to be decrypted by quantum computers once they become available.

The State of PQC Readiness report surveyed 1,500 leading cybersecurity professionals across the USA and Europe to provide a comprehensive perspective on their understanding of, preparations for, and concerns regarding PQC. It found that while 76% of professionals are confident of their understanding of the threat landscape, concerns over compatibility, integration and the complexity of PQC migration may be hindering preparations.

The report also found that contractual requirements, industry consortium standards, and new regulations will be the key drivers for PQC migration, and that 58% of those surveyed plan to utilise between 6-10% of their available IT and security budgets in order to bolster these efforts.

“Industry migration to PQC will take some time, and the concerns raised over budgetary restraints are well-founded,” continued Pennisi. “However, we were delighted to find that professionals see industry consortium standards as crucial to these efforts. The TCG is currently working hard to update our specifications in preparing for the PQC era, aligning with the algorithms and the parameter sets published by NIST and other institutions.”

The full State of PQC Readiness report – with statistics sourced in partnership with Censuswide – can be downloaded on the TCG’s website.

– ENDS –

About TCG
TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.

TCG enables secure computing through open standards and specifications. Benefits of TCG include protection of business-critical data and systems, secure authentication and strong protection of user identities, and the establishment of strong machine identity and network integrity. More than a billion devices include TCG technologies.

X: @TrustedComputin
LinkedIn: https://www.linkedin.com/company/trusted-computing-group/