How the world can prepare for quantum-computing cyber risks

Sep 28, 2021

Quantum computing is soon to become a technology of the present. Image: IBM Zurich Lab/Creative Commons

Itan Barmes

Manager, Deloitte and Project Fellow, Quantum Security, World Economic Forum

Filipe Beato

Lead, Centre for Cybersecurity, World Economic Forum

Sean Doyle

Lead, Cybercrime Atlas Initiative, World Economic Forum

Our Impact

What's the World Economic Forum doing to accelerate action on Cybersecurity?

The Big Picture

Explore and monitor how Cybersecurity is affecting economies, industries and global issues

A hand holding a looking glass by a lake

Crowdsource Innovation

Get involved with our crowdsourced digital platform to deliver impact at scale

Stay up to date:

Cybersecurity

Listen to the article

Futuristic quantum computing will soon become the technology of the present.
It will be a positive advancement for many disciplines, but the potential security impacts are generally not fully understood by citizens, organizations, or decision-makers.
These different audiences need tailored messaging to enable a collective and coordinated response to mitigate the risk associated with this new technology.
Collective action in advance of quantum computing can offer opportunities to build a new security foundation, which will offer a step-change in our ability to secure our digital infrastructure.

Quantum computers are a technological step-change that look like they could have had their roots in 19th-century science fiction or steampunk art, an aesthetic that blends industrial era imagery like cogs, clockwork, and machine parts with Victorian art and design, and includes futuristic elements like robotics and artificial intelligence

This could be why they are often viewed as computers of the future or part of science fantasy. However, recent advances in the technological underpinnings of quantum computing, as well the required error correction code capabilities, are slowly migrating the conversation from ‘if’ to ‘when’.

Have you read?

When quantum computing becomes more fully available, it will be capable of performing large numerical calculations such as the statistical modelling of chemistry, how we create materials and more accurate predictions of weather patterns.

Along with this modelling ability, quantum computing has the potential to factor large numbers. This could threaten the basis of public-key cryptography algorithms that underpin many of our daily commercial activities such as online payments, secure communications, and a myriad of trusted internet transactions.

Although we still don’t know exactly when this threat will materialize, it is prudent that organizations review their current cryptographic reliance and start to think about when they will need to migrate to post-quantum cryptography.

Post-quantum cryptography is currently being developed under the auspices of the National Institute for Standards and Technology (NIST) and there is reason to be optimistic about the future availability of tools to mitigate the threat posed to cryptography by quantum computing.

Discover

How is the Forum tackling global cybersecurity challenges?

The World Economic Forum's Centre for Cybersecurity at the forefront of addressing global cybersecurity challenges and making the digital world safer for everyone.

Our goal is to enable secure and resilient digital and technological advancements for both individuals and organizations. As an independent and impartial platform, the Centre brings together a diverse range of experts from public and private sectors. We focus on elevating cybersecurity as a key strategic priority and drive collaborative initiatives worldwide to respond effectively to the most pressing security threats in the digital realm.

Learn more about our impact:

Cybersecurity training: In collaboration with Salesforce, Fortinet and the Global Cyber Alliance, we are providing free training to the next generation of cybersecurity experts. To date, we have trained more than 122,000 people worldwide.
Cyber resilience: Working with more than 170 partners, our centre is playing a pivotal role in enhancing cyber resilience across multiple industries: oil and gas, electricity, manufacturing and aviation.

Want to know more about our centre’s impact or get involved? Contact us.

Managing cybersecurity risks

As with many types of technology disruption, getting the right messaging to every level of an organization is crucial. This helps determine that there is neither undue alarm nor complacency at either end of the spectrum.

In response, the World Economic Forum's Global Future Council on Cybersecurity (GFC on Cybersecurity) has identified several different audience personas for quantum and drawn up recommendations tailored for each audience type. These recommendations guide audiences on how to approach the cybersecurity risk aspects of quantum computing, and how to take action.

They are particularly useful for chief information security officers who assess specific risks, and for corporate leaders who must understand that risk in the broader organizational and regulatory context. The recommendations help set out the paradigm shift posed by quantum computing advances and ensure that unprepared organizations can mitigate their vulnerabilities.

Policymakers and standards organizations

Support the development of international quantum cybersecurity and risk management standards for quantum computing
Promote enhanced quantum awareness among leaders from both the public and private sectors
Accelerate development of a cybersecure global ecosystem by including quantum cybersecurity technology as an area of focus

Corporate leaders and boards

Adopt a holistic approach that balances the potential opportunities of quantum computing against the risks
Understand that risks may be necessary to fulfil various regulatory and legal responsibilities
Invest in updating information technology systems and technical infrastructure, and prioritize crypto-agility to avoid lock-in and costly future changes
Invest in the development and acquisition of knowledgeable and skilled staff that understand the technology and the threats

Chief information security officers

Champion quantum computing concerns within the organization and educate corporate leaders and business stakeholders
Launch initiatives to assess quantum computing risks and exposures, and establish and/or modify processes to account for quantum computing capabilities
Build a crypto “inventory” that includes data assets to determine which ones need to be re-encrypted with quantum-resistant cryptographic algorithms

Cybersecurity and privacy practitioners

Research new quantum-resistant and crypto-agile tools. Once these tools are developed and ready for production, utilize them
Participate in related public-private partnerships and industry events to broaden and deepen your quantum-based knowledge
Contribute your business and technical expertise to standards organizations and the global community

End-users and consumers of digital products and services

Data protection laws and policies need to be simplified so that end-users and consumers can understand them. This needs to happen quickly because of the paradigm shift that quantum computing could bring about.

While the GFC on Cybersecurity recommendations are likely to be generally accepted as sound practice, the projected quantum-computing paradigm shift could make unprepared organizations especially vulnerable.

Quantum computing isn’t a threat, but it may be a double-edged sword. While it will create value and may also enhance some elements of security, the less we know about it the more risk we will face. We need to start educating leaders, organizations and citizens right now. And tailoring the message to the right target audience is key.

Under the umbrella of the Quantum Computing Network, the World Economic Forum Centre for Cybersecurity is building a global multi-stakeholder initiative with a view to building a secure quantum economy.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.