Companies are ‘woefully unprepared’ for both the risks from and impact of quantum computing, warns ratings agency Moody’s. This includes updating systems to use post-quantum cybersecurity. One analyst told Tech Monitor large organisations should have “readied themselves” by now for the impact the technology will have.
In its new quantum research report, Moody’s spoke to 200 data, analytics and innovation leaders for financial services and banking companies across Europe and North America. It found 87% of companies lack the budget to adequately invest in the nascent technology.
The report also found that despite warnings from governments and cybersecurity professionals that quantum computers will be able to crack encryption, 86% of those companies surveyed admitted they are not ready for post-quantum cybersecurity. That is despite 84% saying they foresee the need to be ready in the next 2-5 years.
One of the biggest threats facing companies today is “hack now, decrypt later”: cybercriminals steal encrypted information with the intention of cracking it once quantum computers are powerful enough to break the encryption. Thanks to a better understanding of error mitigation and improved algorithms, it is expected this point could be reached within a decade.
“Our survey revealed the top five high-potential use cases for quantum computing are: risk analysis, stress testing, cybersecurity, synthetic data, and the detection of fraud and money laundering,” the authors explained. It could also power breakthroughs in high-frequency trading, fraud prevention and derivative pricing, all areas with complex calculations at the root.
The financial services sector is seen as an early adopter of the technology, with even today's noisy quantum hardware able to make an impact on areas like fraud detection and solving optimisation problems. The majority of the companies investigating quantum computing felt that risk analysis has the biggest potential for impacting the financial services sector. This is the process of identification, analysis and acceptance or mitigation of investment decisions. It contains a significant number of variables and points of consideration, which makes it well suited to the way quantum hardware works.
A paper published in the journal Quantum Information Processing by Sascha Wilkens and Joe Moorhouse at BNP Paribas found that while the current number of available qubits is "far too low to render an actual business application viable", the constraint could be eased in the not too distant future with the advent of the first 1,000+ qubit machines. However, they explained that at the million plus fault-tolerant qubit mark "certain computationally intensive algorithms and applications from the financial engineering world might be routinely handled with quantum hardware".
Too late to 'wait and see' on quantum computing
Sergio Gago, managing director for quantum computing at Moody’s Analytics, said: “While a ‘wait and see strategy’ is unsurprising, the rising tides of cyber and quantum risk necessitate action from the finance industry. The industry is unprepared for a ‘Y2Q’ event and there is a critical need for education both at the executive and technical levels.”
He warned that every financial institution should have a quantum cybersecurity strategy in place today. If that 86% unpreparedness rate is reflective of enterprise as a whole then it would be a “concerning metric” particularly for financial institutions.
Preparing for a post-quantum cybersecurity environment will require more than just switching to a post-quantum form of cryptography. Many of the existing encryption systems are "on chip" or built into a device. There are also risks throughout the supply chain with significant changes to infrastructure required.
Writing in the report for Moody's, Julian van Velzen, CTIO and head of Capgemini’s Quantum Lab, emphasised the importance of post-quantum cryptography, particularly in the financial sector. “The thing about post-quantum cryptography is that it’s essential for everyone who has critical infrastructure, such as utilities and financial services,” he said. “It’s crucial to have secure encryption methods to protect our customers’ information.”
Overall, only 14% of respondents are actively developing quantum computing capabilities either in-house or with external partners. Kristin M. Gilkes, EY Global Innovation’s quantum leader, said any large company not actively exploring quantum needs to take action. Speaking to Tech Monitor prior to the Moody's report's publication, Gilkes said “it isn’t too late” for businesses to get up to speed on quantum risk.
“I don't think that it requires a lot of investment,” Gilkes said. “We're really trying to democratize this in such a way that everybody can experiment with it. I think that companies should think of it from an offence and defence perspective. If they're limited or constrained, then perhaps they should really consider the defensive side, which would be the cyber security side, quantum encryption, end to end, that sort of thing.”