Certes Reveals Critical Shortcomings in Organizations’ Quantum Security Preparedness
Certes has released groundbreaking research indicating a significant gap in many organizations’ preparedness for the security threats associated with quantum computing. Despite an increasing recognition of these risks, a substantial number of businesses continue to lag in taking necessary precautions.
The findings from Certes’ Emerging PQC Imperative report demonstrate that 78% of organizations identify legacy systems as their primary vulnerability in relation to quantum security. This revelation underscores the pressing concern that outdated infrastructure and applications could leave sensitive information dangerously exposed as quantum computing capabilities progress.
The study, executed by Freeform Dynamics and commissioned by Certes, surveyed 200 senior IT and security leaders from the United States and the United Kingdom. Among the participants were Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and decision-makers from sectors such as healthcare, manufacturing, financial services, and the public sector.
Analyzing the Inertia in Actions
The research illustrates a clear disconnect between awareness of post-quantum cryptography risks and actionable responses. While the threat of quantum advancements looms large, many organizations appear to be struggling with the transition from awareness to effective action. Only a meager 11% of organizations expressed confidence in their ability to achieve post-quantum readiness within anticipated timelines. Even more concerning is that just 2% reported full confidence in achieving crypto agility on a large scale.
Moreover, the report indicated that 97% of respondents lack complete assurance in their capabilities to meet long-term crypto agility deadlines. This statistic reveals a worrying discrepancy between strategic planning and real-world execution, suggesting a need for urgent introspection within these organizations.
Paul German, the CEO of Certes, emphasized the profound understanding many organizations possess regarding the threats posed by quantum computing. However, he noted that recognizing the problem does not equate to having the tools or strategies to resolve it. "Most security and IT leaders understand the threat quantum computing poses. They know the timelines, and they recognize what’s at stake, but comprehending the problem and being equipped to solve it are two very different things," German stated.
He stressed the critical nature of timely preparation for post-quantum security, warning businesses that the timeline to address these threats is closing rapidly. "The 2030 milestone sounds like it’s a long way off," he noted, "but when you factor in the sheer scale of complexities and cryptographic transition, the runway is much shorter than it looks. The window to act is narrowing, and time is running out faster than most organizations realize."
Edge and IoT Systems: A Weak Spot
The report also revealed escalating concerns surrounding edge computing and the Internet of Things (IoT). Almost three-quarters of the surveyed leaders—74%—identified edge and IoT environments as significant quantum security risks due to their challenging nature in terms of upgrades and standardization. In parallel, 73% of organizations reported assessing the implications of “harvest now, decrypt later” attacks. This strategy involves cybercriminals hoarding encrypted data today, intending to decrypt it in the future once quantum computing technologies become more prevalent.
Simon Pamplin, the Chief Technology Officer (CTO) of Certes, highlighted that organizations displaying the most progress treat quantum readiness not just as a compliance issue, but as a broader business risk. “The hardest challenges lie in legacy environments, custom applications, and edge and IoT infrastructure,” Pamplin commented. “These represent both the greatest exposure and the most complex remediation work.”
Certes Introduces V7 Platform Update
In conjunction with the dissemination of this research, Certes introduced the latest version of its Data Protection and Risk Mitigation platform, v7. This enhancement aims to assist organizations in implementing quantum-safe data protection and crypto-segmentation across hybrid cloud, edge, and legacy environments without necessitating substantial infrastructure changes.
With this new platform, Certes intends to streamline the adoption of post-quantum security measures while alleviating operational complexities confronted by businesses that are increasingly under pressure to modernize their cryptographic practices.
For more comprehensive information on the new v7 platform as part of the Certes DPRM initiative, interested parties can visit Certes’ dedicated webpage.
As the rapid evolution of quantum computing continues, the urgent call for organizations to fortify their cybersecurity frameworks cannot be overstated. The research findings by Certes serve as a clarion call for organizations to urgently reassess and enhance their approaches to quantum security in an increasingly volatile digital landscape.