Just 8.5% of Aussie organisations have quantum‍-‍safe encryption

Australian organisations are woefully ill prepared for the impact of quantum computing on encryption standards and security, according to new research from DigiCert.

A survey of senior and C-level cybersecurity managers in three countries found that while 61.4% of Australian organisations recognise the risk quantum computing poses to current encryption standards, only 8.5% have implemented quantum-safe encryption. The survey found that 42.9% of organisations believe that substantial portions of their encrypted data could be compromised as threats to traditional encryption standards develop.

Meanwhile, despite a majority of organisations believing quantum computers will break current encryption within five years, only 41.7% feel very prepared for quantum threats, and just 10.4% claim to be extremely prepared.

DigiCert Regional VP for ANZ Daniel Sutherland said the findings demonstrate that while enterprises recognise the quantum threat, many are slow to act due to the perceived complexity and uncertainty, and a misguided belief that quantum computing is still a long way away.

“As the global shift toward quantum computing accelerates, organisations must take proactive steps to ensure [their] cybersecurity posture remains strong,” he said. “Organisations that prioritise quantum-safe security today will position themselves to confidently embrace the post-quantum future — seizing opportunities instead of scrambling to catch up. Now is the time to act to safeguard critical infrastructure and maintain digital trust in an increasingly quantum-enabled world.”

DigiCert is recommending that enterprises maximise their return on investment in public key infrastructure by making quantum readiness a key driver of their current security planning.

Crypto4A CTO Dr Jim Gordon said the research found that only 5% of organisations across the three surveyed markets of Australia, the UK and the US have implemented quantum-safe encryption, a finding that should be a wake-up call for the security industry.

“Migrating to post-quantum cryptography isn’t just a software patch — it’s a foundational shift that requires full visibility into your cryptographic environment, upgrades to hardware, migration to quantum-safe roots of trust, and cross-functional coordination,” he said. “Those already underway are ahead of the curve and better equipped to handle what’s next.”

DigiCert has released an updated book named Post-Quantum Cryptography for Dummies, which recommends key steps organisations can take to transition to a quantum-safe security posture. The first involves inventoring their cryptographic assets, including certificates and algorithms, and prioritising them based on level of criticality to determine what needs to be upgraded and replaced.

Organisations should prioritise replacing encryption algorithms that need to be trusted for a long time, such as eSignatures and long-lived IoT devices, the book states.

Another important step involves exploring and testing the ways an organisation incorporates post-quantum cryptography algorithms. Finally, organisations should seek to become crypto-agile by establishing methods for deploying encryption technologies, and developing an ability to respond quickly to emerging security issues.

Image credit: iStock.com/da-kuk