Aussie & Kiwi firms lag in post-quantum crypto readiness
A survey by the Entrust Cybersecurity Institute reveals a significant gap between awareness and preparedness for post-quantum cryptography (PQC) among organisations in Australia and New Zealand.
The 2024 PKI and Post Quantum Trends Study by Entrust shows that while awareness of PQC is increasing, actual preparation for its implementation is lagging. The survey, conducted by the Ponemon Institute, collected responses from IT and IT security professionals across nine countries, including Australia and New Zealand.
According to the study, only a third of organisations in Australia have the necessary scale or technology to transition to post-quantum cryptography. Despite 56% of respondents from Australia and New Zealand planning to migrate to PQC within the next five years, the report highlights that a majority of organisations are not yet prepared to make the transition, citing concerns related to skills, education, and technology.
"There's a shift in the industry with regard to Post-Quantum readiness," said Samantha Mabey, Director of Digital Solutions Marketing at Entrust. "While the questions around the PQ threat used to be 'is it real', the questions as of late are now 'what do I need to do' and 'how'."
Key findings from the study indicate that while support for PQC readiness is increasing, plans for implementation are falling behind. Fragmentation, lack of clear ownership, and insufficient personnel are identified as primary challenges in enabling applications of public key infrastructure (PKI), with 49% of ANZ respondents noting fragmented requirements as a significant obstacle.
Additional concerns were highlighted regarding insufficient scale and technology, strategy, and budget to support PQC readiness. 45% of respondents cited the lack of adequate scale and technology to manage the increased computing power required for PQC. Similarly, the security of post-quantum cryptographic algorithms post-deployment, absence of an enterprise-wide strategy, and inadequate budget were also noted as pressing concerns.
The study further reveals that even among those organisations that decide to migrate to PQC, uncertainty remains over the approach. Only 35% of organisations in ANZ favour a strict PQC plan, while 36% lean towards a hybrid approach, and 21% prefer initial internal testing of PQC.
Commenting on the findings, Samantha Mabey stated, "Organisations know that the threat of PQ is inevitable and impact substantial, but they lack the scale and technology, budget, strategy, skills, and computing power needed to effectively activate a plan, revealing a critical gap between awareness and action as the quantum threat looms. A major focus for organisations in 2025 will be activating these plans, bolstering their visibility into their cryptographic assets, and preparing their teams for a quantum-safe future."
The 2024 PKI and Post Quantum Trends Study is part of a broader examination involving 4,052 respondents from countries such as the United States, United Kingdom, Canada, Germany, United Arab Emirates, Japan, Singapore, and the Middle East. In this report, Ponemon Institute presented findings based on a survey of 2,176 IT and IT security professionals involved in their organisations' enterprise PKI.