Why it's time to get your board to take the quantum threat seriously

The busy boardroom agenda for many companies will soon have another big topic to deal with: the potential of quantum technologies. Through advanced modelling and many other methods, quantum computing offers tremendous opportunities to transform business strategies and productivity. But, as with all other technological innovations over the last 50 years, it is also ripe for criminal exploitation. Of particular concern is the very real prospect of powerful quantum computers having the ability to break the mathematical computations that we rely on to protect a large part of our data.

Luckily, solutions are being developed. The most prominent one is the enterprise-wide implementation of novel types of cryptography, which can’t be cracked by quantum computers. Achieving this is far from easy and involves a complex transition process likely to last several years. Bold and forward-leaning organizations are embarking on this now. This will ensure a smooth and secure transition into the quantum era, reaping the benefits of an early transition, whilst mitigating the risk of data exposure in future.

As with other cyber security developments, board-level engagement and commitment are essential to ensure action on quantum risk. Implementing quantum-secure cryptography throughout a modern enterprise and the supply-chain ecosystem will take a multi-year level of focus and investment. It also requires a top-down understanding of the risks involved and the organizational resilience required to mitigate those risks. Driving cross-firm engagement and buy-in, from engineering teams tasked with directing and executing the transition to business teams reliant on efficient and secure technology, will be a critical success factor. Such a diverse stakeholder field requires an active board to guide them throughout the transition process and in making tough decisions when necessary.

Boards, by their nature, can be inclined to have the strategic term interests of the business in mind. Effective boards are likely to see adapting to technological developments, such as quantum computing, as a bedrock part of growing a sustainable business into the future. They will also know the value of being cyber-secure in this space going forward. This will shape the organization’s long-term vision of quantum technology and help keep boards engaged on the topic.

For cybersecurity leaders, the challenge is one of stimulating the most productive board interest and engagement. Cutting through the noise of a highly technical, oft-misunderstood subject is not easy in a board environment, but the following three tips may help:

Talk to your board in terms of opportunities instead of fear, uncertainty and doubt. This is pretty sound advice across the whole cyber landscape these days as a more positive narrative of business enablement takes hold. It certainly applies to quantum risk, where taking positive, early action carries the potential to deliver major benefits to the business. It’s an opportunity, for example, to clean up long-held IT deficiencies or to integrate quantum security in a sustainable way into the design of current and future IT programs. In that sense, it becomes an active influencer of business growth, rather than assuming the traditional role of cyber as the late-to-the-party blocker of progress. Going public with being a quantum-secure enterprise also shows industry leadership in an iconic area of the digital age. In short, the narrative on offer with quantum risk is as much about business opportunity as it is about control and risk management.

Effective boards seek cohesion, efficiency and strong partnership models across the business in advancing core interests. Risk professionals have an opportunity to help drive enterprise-wide collaboration on quantum technology. They should take proactive action in seeking ‘friendly faces’ in other parts of the organization and in developing win-win strategies. Maybe there is a business owner who has been working with IT systems that have long needed modernising. Or a business strategist looking for new ways to impact the market. Don’t carry quantum in your back pocket as the ‘hobby project’ of the cyber team, rather look for ways to build new partnerships across the business.

Know the right moment to raise the topic in the boardroom. Go too early and you run the risk of being misunderstood or not given much attention. Go too late and you lose the opportunity to shape and lead. Maybe a significant news event or internal incident may be the decisive trigger. For example, a recent research paper suggested that current quantum computers could break a common cryptographic standard, something that was picked up in some mainstream business media. Its conclusions turned out likely to be overblown, but news flashes like these can be effective to get quantum security on your board’s radar.

Being aware of quantum risk and addressing the opportunities it holds now can be a significant business driver. Quantum computing is already on the board agenda and the time is now for cybersecurity leaders to actively shape that agenda.