The quantum era threatens to make current cyber security measures obsolete, exposing sensitive data and critical infrastructure to unprecedented risks.
Quantum computing risk is not just a future consideration. Regulatory shifts such as the US Quantum Computing Cybersecurity Preparedness Act 2022 make quantum compliance an immediate imperative. Organisations need to consider the opportunities and threats that quantum computing presents to ensure they can remain competitive, secure and compliant.
In Securing tomorrow: strategic compliance in the quantum age, we explain how the evolving quantum risk and regulatory landscape accelerates the need to prioritise resilience and compliance and introduce a framework that enables organisations to thrive in the quantum computing age.
Quantum computing: why it's time to act
Adapting to new quantum computing legislation
Latest legislation such as the US Quantum Computing Cybersecurity Preparedness Act 2022 mandates transitioning US federal IT systems to quantum-resistant cryptography, setting a new global precedent. Businesses operating internationally and with the US need to adapt to new cyber security standards that consider the impacts of quantum computing, or risk being locked out of certain markets.
Post-Quantum Cryptography (PQC) standards have already been released. In August 2024, the US National Institute of Standards and Technology (NIST) released its first three finalised PQC algorithms for key encapsulation and digital signatures. These are ready to be used now and Dustin Moody, the head of the NIST PQC standardisation project, acknowledged that full integration will take time, so system administrators should act immediately.
Quantum compliance is imperative for market viability
Quantum compliance is rapidly becoming central not just to security but also to ensuring a competitive edge. Although movements towards quantum compliance are accelerating, many organisations face challenges in prioritising readiness and closing knowledge gaps – increasing their risk of non-compliance and vulnerability.
A quantum security framework for compliance and resilience
While quantum technologies are rapidly developing, the threat of 'Harvest now, Decrypt later' is real and immediate. With increasing legislation, together with long procurement and mitigation cycles, there is a need to act now.
Identify assets and cryptographic controls used to protect them.
Objective
The discovery phase seeks to achieve the following:
- Identify key technology group areas that are at risk
- Identify assets for each technology group
- Understand the classification of the asset and the information it processes
- Identify cryptography used for protection
Perform risk assessments to identify quantum-vulnerable assets.
Objective
The assess phase seeks to achieve the following:
- Perform a quantum risk assessment
- Develop a high-level remediation roadmap
- Develop a cryptographic inventory
Develop detailed remediation recommendations and enhance remediation roadmap.
Objective
The manage phase seeks to achieve the following:
- Develop detailed remediation recommendations
- Prioritise remediation actions
- Enhance remediation roadmap
Uplift existing security controls and transition vulnerable cryptographic systems to Post Quantum Cryptography (PQC).
Objective
The remediate phase seeks to achieve the following:
- Uplift security controls
- Implement cryptographic agility
- Implement Post Quantum Cryptography
Perform ongoing monitoring of remediation efforts and changes to the threat and regulatory landscape.
Objective
The monitor phase seeks to achieve the following:
- Monitor risks identified from assesment
- Monitor cryptography used
- Monitor changes to the threat and regulatory landscape
Quantum risk is not just a future consideration
Is your organisation quantum ready? Download the report.
Quantum computing FAQs
Quantum computing poses a significant cyber threat to current cryptographic algorithms which rely on computational complexities that quantum computers may be able to solve in a matter of hours.
Attackers may be able to manipulate documents through forged updates or fraudulent authentication, decrypt confidential historical data and alter legal documents undetected by counterfeiting digital signatures.
Many state and criminal actors may already be harvesting encrypted data and storing it for decryption later, so delays in addressing vulnerable encryption technologies can increase the risk of data exposure and exploitation.
The quantum era threatens to make current cyber security measures obsolete and expose sensitive data and critical infrastructure across many industries. Examples include financial transactions and data, patient and pharmaceutical data in healthcare, national infrastructure, secure communications and technological innovations.
Quantum computing could potentially break common encryption methods at an alarming speed. These include the cryptographic processes used in blockchain technology and cryptocurrency. For example, quantum algorithms pose a risk to cryptographic hashing and the encryption used to protect individual wallets.
Quantum computing exposes security weaknesses in supply chains, especially with the growing reliance on Software as a Service models. To reduce the quantum risks to supply chains, organisations need to secure their information through detailed contractual agreements and stringent assurance policies, ensure a thorough understanding of where critical ICT assets are located across the supply chain and update procurement to include quantum-resistant technologies.
How KPMG can help you become quantum safe
KPMG’s team of quantum and cyber security specialists help you assess and remediate your quantum risks and align with current and upcoming regulations to protect your organisation against emerging threats and gain a competitive edge. Contact us to learn more.
KPMG's quantum computing specialists
- Item 1
- Item 2
- Item 3
KPMG's specialist insights
Browse KPMG's insights and thought leadership below.
Something went wrong
Oops!! Something went wrong, please try again
How to prepare for quantum cyber security risk
Stay informed on how Quantum risk strategy implementation may protect data from future quantum threats.