Deloitte: Companies Face Harvest Now, Decrypt Later Quantum Threat

Just over half (50.2%) of professionals responding to a Deloitte poll who are considering quantum computing benefits believe that their organizations are at risk from "harvest now, decrypt later" (HDNL) cybersecurity attacks.

Under an HNDL attack, a malicious actor harvests encrypted data from an unsuspecting organization and holds it until a quantum computer powerful enough to decrypt it becomes available. Once a quantum computer achieves this milestone, all security guarantees based on this cryptographic algorithm are obsolete. 

“It's encouraging to see that so many of the organizations with quantum computing awareness are similarly aware of the security implications that the emerging technology presents. But it's important to note that 'harvest now, decrypt later' attacks are something all organizations – whether or not they're considering leveraging quantum computing – stand to face in a post-quantum world,” said Deloitte & Touche risk and financial advisory managing director Colin Soutar.

"As quantum awareness grows within boardrooms, C-suites and security teams, we're hopeful that organizations' efforts to prepare for post-quantum cyber risk management will grow as well."

The poll revealed a lack of consensus about when to assess an organization's post-quantum encryption vulnerabilities. Nearly half of all respondents (45%) expect to see a related risk assessment from their organization within a year. An additional 16.2% expect their organizations to complete such an assessment within the next two to five years. 

Just over a quarter of respondents (27.7%) believe their organization's risk management efforts on this issue are contingent on regulatory pressure. Another 20.7% of respondents ascribe leadership demand as the deciding factor in addressing their organization's post-quantum capabilities.   

Finally, more than one out of nine respondents (11.7%) believe a cyber incident would be required to compel such risk management efforts. 

Soutar said he believes the poll results reflect the need for “good cyber hygiene – such as developing a cryptographic inventory, honing data governance, and managing certificates – (which) are all good steps for today and for when we are more completely in the quantum era.”