What is quantum cryptography? Cybersecurity is already one of the biggest challenges facing businesses today, but the rise of quantum computers—which use quantum physics to power their problem-solving—threatens to make existing security systems obsolete. Current encryption is, at a basic level, just extremely difficult math: without the correct password, even the most powerful of today’s computers would take decades, if not centuries, to run the billions of calculations required to break through. But quantum computers’ vastly improved power could change this. “Today’s early-stage experiments suggest that it’s only a matter of time before quantum computers will be able to crack the best current encryption in hours or minutes,” says Kei Kumar, emerging technology advisory senior manager, PwC UK. “This would completely undermine the security framework that makes online commerce and communication possible.”
Quantum computing threatens any secure communication conducted over the internet—essentially, anything that involves logging into an account with a username and password—and includes the entire cryptocurrency sector (whose decentralized architecture relies on currently unbreakable cryptography). It also affects any kind of stored information, from a personal cloud drive to a hospital database.
Quantum cryptography, then, is an emerging field dedicated to understanding both how vulnerable our digital information is and how we might build new defenses that can withstand the hacking potential of quantum computers.
What business problems can it address?
Even today’s early-stage quantum computers have already been able to deliver exponentially faster results for some types of problems than the most powerful supercomputers. This promises a revolution in humankind’s ability to solve complex challenges—but it is also likely to create challenges of its own. “Until now, encrypted data could at least be assumed safe for up to 30 years on average, when increasingly powerful computers would render older algorithms crackable,” says Kumar. “In a world with mature quantum computing, that buffer could disappear entirely.”
And although the threat quantum computers could pose to encryption has long been theoretical, researchers in 2023 reported that it was now a reality. Our 2024 Global Digital Trust Insights survey found cybersecurity to already be one of the top concerns of senior IT leaders; as quantum computing evolves, it will increasingly be at the center of future cyber threats. Quantum cryptography—if it manages to evolve to keep pace—will help to counter these threats.
How does it create value?
“There are few sectors that won’t be impacted in some way [by quantum computing],” explains Arit Kumar Bishwas, quantum computing research director, PwC US. “The good news is that as quantum researchers explore these threats, they’re also finding excellent ways of mitigating them, as well as entirely new methods for guaranteeing security in the process.”
Quantum-secure encryption was first deployed to ensure the integrity of local elections in Geneva in 2007, and further experiments in sectors including telecommunications and finance have meant that the technology has continually matured in its promise of a new kind of information security. Private investment in quantum technologies is now surging, with more than US$2 billion in venture capital funding entering the market in both 2021 and 2022. And new quantum encryption standards are already being proposed and negotiated, as industry and government figures alike acknowledge that the countdown to “Y2Q” has begun.
“There will be disruption from both the transition away from existing data security frameworks and the deployment of entirely new technologies, platforms, and systems in the post-quantum cryptography world,” Bishwas says. “Y2Q will be an existential threat similar to that of the Y2K bug, but on a bigger scale—and with similar opportunities for companies that can navigate the transition.”
Who should be paying attention?
Anyone with responsibility over cybersecurity should be keeping tabs on new developments in quantum computing. This is particularly true of CTOs as well as cybersecurity and network architecture teams, in industries including financial services; banking and capital markets; healthcare; energy, utilities, and resources; transportation and logistics; and telecommunications.
How can businesses prepare?
Consider the three pillars of people, process, and technology to understand the potential scale of the risk. Start by developing and maintaining an inventory of cryptographic controls and their potential roles in your business processes to help build greater security into your organization. At the same time, get clarity over the standards and protocols used in both your internal and external tech, including those managed by third parties across your ecosystem. Finally, remember that quantum breakthroughs could come at any time, so invest in upskilling people now. Ensure that anyone in IT system management or software development is aware of the quantum threat to cryptography and understands their role in addressing it.
Learn more
- Science News: Quantum computers could break the internet. Here’s how to save it
- European Telecommunications Standards Institute: Quantum Safe Cryptography and Security: An introduction, benefits, enablers and challenges
- U.S. Cybersecurity & Infrastructure Security Agency: Post-Quantum Cryptography Initiative
- Dr. Arit Kumar Bishwas, et al.: Managing Cyber Security with Quantum Techniques
- PwC Tech Talks: Quantum computing: The end of cyber security?
- PwC United Kingdom: Building quantum into your cyber security strategy
- Subscribe to PwC’s quantum computing newsletter for the latest news and insights in this rapidly advancing field
Last updated on 1 May 2024
Contact us
Tom Archer
Global Technology Consulting & Alliances Leader, Transformation Platform Co-Leader, PwC US