{"id":14974,"date":"2025-10-17T10:09:10","date_gmt":"2025-10-17T10:09:10","guid":{"rendered":"https:\/\/newestek.com\/?p=14974"},"modified":"2025-10-17T10:09:10","modified_gmt":"2025-10-17T10:09:10","slug":"cisos-face-quantum-leap-in-prioritizing-quantum-resilience","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14974","title":{"rendered":"CISOs face quantum leap in prioritizing quantum resilience"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Despite recognizing the severity of the threat, enterprises continue to respond slowly to warnings that existing systems must be updated to address the risks of the approaching advent of quantum computers.<\/p>\n<p>Quantum computers threaten the security of existing public-key cryptography systems. 
Government agencies such as the US National Institute of Standards and Technology and the UK\u2019s National Cyber Security Centre (NCSC) are advising organizations to adopt <a href=\"https:\/\/www.csoonline.com\/article\/654887\/11-notable-post-quantum-cryptography-initiatives-launched-in-2023.html\">post-quantum cryptography (PQC)<\/a> before a 2030 deadline, in time for the expected deprecation of vulnerable cryptographic algorithms.<\/p>\n<p>However, five years from this deadline, <a href=\"https:\/\/www.pwc.com\/us\/en\/services\/consulting\/cybersecurity-risk-regulatory\/library\/global-digital-trust-insights.html\">PwC\u2019s Global Digital Trust Insights report<\/a> paints a picture of a general lack of preparedness for rolling out quantum-resistant cryptography.<\/p>\n<p>\u201cAlthough quantum computing ranks among the top five threats organisations are least prepared to address, fewer than 10% prioritise it in budgets and only 3% have implemented all [the] leading quantum resistant measures surveyed,\u201d the report states.<\/p>\n<p>\u201cSome organisations are making initial progress, with 29% in piloting and testing stages. 
However, only 22% have moved beyond piloting, and almost half (49%) haven\u2019t considered or started implementing any quantum-resistant security measures,\u201d it adds.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Industry readiness<\/strong><\/h2>\n<p>The majority of independent experts quizzed by CSO say the PwC report\u2019s findings reflect a real gap between industry awareness and <a href=\"https:\/\/www.csoonline.com\/article\/4002749\/cisos-urged-to-push-vendors-for-roadmaps-on-post-quantum-cryptography-readiness.html\">operational readiness for PQC<\/a>.<\/p>\n<p><a href=\"https:\/\/www.sectigo.com\/about\/leadership\/jason-soroko\">Jason Soroko<\/a>, senior fellow at automated certificate lifecycle management firm Sectigo, tells CSO that sectors of the economy that are already cryptographically mature are pushing ahead with PQC projects, leaving other sectors even further behind.<\/p>\n<p>\u201cUptake is not confined to banking, yet financial services tend to lead because they are highly regulated, risk averse, and exposed to long-lived data risks,\u201d Soroko explains. 
\u201cMany banks and payment networks have larger cryptographic inventories, established key management and compliance drivers, which push them to move earlier.\u201d<\/p>\n<p>\u201cOther sectors with long data lifetimes and wide device estates such as government, telecom, cloud, and critical infrastructure are also active,\u201d Soroko adds.<\/p>\n<p>Financial services and professional services are furthest ahead, but manufacturing, oil and gas, mining, and healthcare remain significantly behind, in some cases with PQC adoption as low as 2%, according to cybersecurity vendor Forescout.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/chrishickman613\/?originalSubdomain=ca\">Chris Hickman<\/a>, CSO at digital identity management firm Keyfactor, says that most organizations are waiting \u201ceither for the risk to feel more immediate or for others to make the first move.\u201d<\/p>\n<p>\u201cThat delay will be costly,\u201d Hickman predicts.<\/p>\n<p>Obstacles to widespread adoption include a lack of skilled personnel, limited time and competing priorities, and the slow adoption of existing standards, Hickman says.<\/p>\n<h2 class=\"wp-block-heading\" id=\"state-of-migration\">State of migration<\/h2>\n<p>Encryption underpins the security of everything from healthcare records to government data and e-commerce transactions.<\/p>\n<p>But just 8.5% of SSH servers currently support quantum-safe encryption.<\/p>\n<p>TLS 1.3 adoption \u2014 currently at 19% \u2014 also trails older, quantum-vulnerable versions, according to a <a href=\"https:\/\/www.forescout.com\/blog\/q-day-countdown-new-data-on-post-quantum-cryptography-adoption-across-devices-and-industries\/\">recent study by Forescout<\/a>.<\/p>\n<p>Other experts paint a more optimistic picture of PQC deployment since <a href=\"https:\/\/www.networkworld.com\/article\/3486075\/nist-finally-settles-on-quantum-safe-crypto-standards.html\">NIST finalized the first post-quantum cryptographic 
standards<\/a> in August 2024.<\/p>\n<p>\u201cGoogle, Apple, Signal, and Zoom have implemented PQC,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/duncanjones\/?originalSubdomain=uk\">Duncan Jones<\/a>, head of cybersecurity at integrated quantum computing firm Quantinuum. \u201cGovernment mandates like <a href=\"https:\/\/media.defense.gov\/2025\/May\/30\/2003728741\/-1\/-1\/0\/CSA_CNSA_2.0_ALGORITHMS.PDF\">CNSA 2.0<\/a> set hard deadlines. Financial services are moving \u2014 <a href=\"https:\/\/x9.org\/\">ASC X9<\/a>\u2019s 2025 readiness assessment outlines concrete steps from cryptographic inventory through migration planning.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><strong>Obstacles to adoption<\/strong><\/h2>\n<p>The main obstacles to widespread PQC adoption include cost, standards uncertainty, and organizational inertia. This last issue is significant given that preparing for the quantum threat requires a <a href=\"https:\/\/www.csoonline.com\/article\/4030898\/prepping-for-the-quantum-threat-requires-a-phased-approach-to-crypto-agility.html\">phased approach to crypto agility<\/a>.<\/p>\n<p>\u201cThe obstacles to widespread adoption are very real,\u201d Keyfactor\u2019s Hickman says. \u201cA lack of skilled personnel, limited time and competing priorities, and the slow adoption of the existing standards are the top challenges slowing progress.\u201d<\/p>\n<p>Hickman continues: \u201cAdditionally, risk perception varies, especially between security teams and executive leadership, making it harder to align strategies.\u201d<\/p>\n<p>Kevin Hilscher, senior director of product management at DigiCert, says the time horizon is playing a significant role in the PQC preparation gap. 
\u201cCompanies are prioritizing other projects because, let\u2019s face it, 2030 is still more than four years away and other projects take precedence,\u201d he says.<\/p>\n<p>Moreover, security teams find themselves <a href=\"https:\/\/www.csoonline.com\/article\/4032035\/ransomware-up-179-credential-theft-up-800-2025s-cyber-onslaught-intensifies.html\">increasingly under fire from escalating threats<\/a> in the here and now.<\/p>\n<p>\u201cOrganizations often lack the expertise or resources to prioritize PQC while dealing with day-to-day threats,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/katrinarosseini\/\">Dr. Katrina Rosseini<\/a>, a cybersecurity expert at Ascendant Group. \u201cStandards are still evolving, and deploying quantum-resistant algorithms requires careful testing to avoid breaking critical systems.\u201d<\/p>\n<p>Still, delays in PQC adoption not only leave organizations vulnerable to future quantum threats but also amplify the vulnerabilities already being targeted by attackers, Dr. Rosseini warns.<\/p>\n<p>Uncertainty, complexity, and the difficulties in mapping cryptographic assets are also putting a brake on PQC rollouts.<\/p>\n<p>\u201cBudgets compete with nearer-term threats and not all people are yet aware of the 2030 deprecation of RSA\/ECC by NIST, so planning and investment are delayed,\u201d says Sectigo\u2019s Soroko. \u201cStandards and vendor support are still being operationalized, and some algorithms introduce performance overhead or compatibility issues for legacy systems and constrained devices.\u201d<\/p>\n<p>Soroko adds: \u201cSkills are scarce and dependencies run through supply chains and cloud services, so end-to-end migration planning and governance slow adoption.\u201d<\/p>\n<p>Dr. 
Rosseini also notes that legacy systems and infrastructure can make rolling out new algorithms difficult.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/benjamin-mourad-1678a5\/\">Benjamin Mourad<\/a>, senior director and solution architect at DMI, sees the main obstacles to widespread adoption as education about quantum computing risks \u2014 such as <a href=\"https:\/\/www.csoonline.com\/article\/4030898\/prepping-for-the-quantum-threat-requires-a-phased-approach-to-crypto-agility.html\">the threat from \u201charvest now, decrypt later\u201d attacks<\/a> \u2014 and funding.<\/p>\n<p>Conversely, improvements in technology over the past year have made implementing and scaling up cryptographic systems more straightforward, Mourad contends.<\/p>\n<p>\u201cTechnological improvements over the past 12 months have improved capabilities and lowered the costs to migrate to PQC at scale with containerized, lightweight applications that did not exist over a year ago,\u201d Mourad explains. \u201cThe decreasing need for significant investments in hardware and software will make PQC more scalable.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"navigating-quantum-uncertainty\">Navigating quantum uncertainty<\/h2>\n<p>Analysts predict that quantum computers capable of breaking current encryption are anywhere from five to 20 years away.<\/p>\n<p>This uncertainty can be distracting, Dr. Rosseini says. \u201cThe focus has to be on <a href=\"https:\/\/www.csoonline.com\/article\/3552701\/the-cisos-guide-to-establishing-quantum-resilience.html\">preparedness and resilience<\/a>,\u201d she advises. \u201cOrganizations need to inventory sensitive assets, assess system readiness, run pilot programs, and secure key management.\u201d<\/p>\n<p>The PwC report should act as a wake-up call, Dr. Rosseini adds.<\/p>\n<p>\u201cOrganizations that treat PQC as a strategic security initiative now will be positioned to reduce risk and strengthen resilience,\u201d she says. 
\u201cThose who wait risk leaving themselves exposed to both present and future threats.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Despite recognizing the severity of the threat, enterprises continue to respond slowly to warnings that existing systems must be updated to address the risks of the approaching advent of quantum computers. Quantum computers threaten the security of existing public-key cryptography systems. Government agencies such as the US National Institute of Standards and Technology and the UK\u2019s National Cyber Security Centre (NCSC) are advising to adopt&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14974\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14974","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light 
is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14974"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14974\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}