A current business threat from future quantum computers

Commercial transactions on the Internet and routine cyber security depend on the effectiveness of public key cryptography. Quantum computers will make existing standards obsolete. The impact of this starts now.

Estimates vary on when a quantum computer powerful enough to realise this threat will be built. A range of dates from 8 to 20 years have been suggested. More rapid scenarios are also possible: a major programme by a nation state could bring this down to perhaps 5-7 years; alternative schemes based on quantum simulators rather than waiting for a full scale device might overturn these estimates further.

Perhaps a business might reasonably assume that they should plan against a viable security threat from quantum computers by 2027. Surely that seems like a comfortable way off?

However there is a problem. If a hostile party intercepts and stores data today, they will be able to break its encryption in 2027. Additionally, the transition programme to put new quantum safe arrangements in place inside an organisation might itself take several years. Remote systems and embedded devices are a further complication. Not only will these require update, but the security protocols routinely used to validate such updates are themselves among those at risk.

Assuming you start now and the transition takes 2 years, that’s still only an 8 year safe window. Is the CEO happy to defend to customers and investors that sensitive data just 8 years old might be revealed?

For more on quantum technologies visit www.factbasedinsight.com