Quantum computing promises to revolutionise industries by dramatically accelerating data analysis and solving problems that are currently beyond the reach of even the most powerful supercomputers. But, as with any disruptive technology, this advancement comes with significant consequences, writes information security expert, Jamie Norton, a board director at ISACA.
Quantum computing is no longer a far-off theoretical concept. As the capacity and accuracy of quantum computing increases, it threatens to upend the digital security foundations that support every modern business, from online banking and medical records to utilities, logistics and government infrastructure.
Yet, alarmingly, 95 percent of organisations globally lack a roadmap to manage this emerging risk, according to ISACA’s new Quantum Computing Pulse Poll.
The findings reflect a troubling disconnect between rising concern and meaningful preparation. This gap is especially relevant for Australia and New Zealand, regions with highly digital economies and critical infrastructure that are only beginning to explore strategic planning around quantum readiness.
The trust gap Is growing
Quantum computing promises to revolutionise industries by dramatically accelerating data analysis and solving problems that are currently beyond the reach of even the most powerful supercomputers. But, as with any disruptive technology, this advancement comes with significant consequences.
Jamie Norton
Perhaps the most urgent risk lies in quantum’s potential to compromise widely used encryption standards. These algorithms are the backbone of digital trust, securing online transactions, digital signatures, healthcare records, communications and intellectual property.
The risk isn’t hypothetical. Bad actors may already be harvesting encrypted data now, planning to decrypt it in the future once quantum capabilities mature, a tactic known as “harvest now, decrypt later.” Over half of ISACA poll respondents (56 percent) cited this as a key concern.
What’s more, 62 percent of digital trust professionals worry quantum computers could crack internet encryption before the world has widely implemented post-quantum cryptography standards, leaving a dangerous gap.
Despite this, only five percent of organisations view quantum computing as a near-term priority and just seven percent report having a strong understanding of the U.S. National Institute of Standards and Technology (NIST) post-quantum cryptography standards, which have been more than a decade in the making.
What’s at stake for New Zealand and Australia?
For leaders across finance, health, logistics and government in New Zealand and Australia, quantum computing should be on the boardroom agenda, not left to IT alone.
In fact, survey results show that concern is higher in Oceania across nearly every measured risk category: from workforce reskilling and compliance challenges to business disruption and cybersecurity vulnerabilities.
The implications for the region are vast…
This heightened concern reflects positive awareness, but it also highlights a worrying truth that many organisations are stuck in reactive mode. With data breaches and cyberattacks on the rise, failing to plan for a quantum future could prove catastrophic for digital trust, customer confidence and business continuity.
The implications for the region are vast. New Zealand’s growing digital economy and national strategies around cloud-first policies and e-government make its data assets especially vulnerable. Meanwhile, Australia’s investments in critical infrastructure, smart cities and defence technology elevate the stakes even further.
The quantum advantage – but only if risk is managed
Despite these challenges, there’s good reason for optimism. Quantum computing also holds tremendous potential for positive transformation. Sixty-three percent of survey respondents believe quantum will significantly accelerate computational tasks and data analysis. Nearly half (46 percent) anticipate revolutionary innovation across many sectors.
Yet realising these benefits will depend on whether we can build secure systems that are quantum-resilient from the outset. And that starts now.
Where smart organisations begin
There’s still time to act, but the window for proactive leadership is narrowing. Here’s where digitally mature organisations are starting:
- Educate stakeholders: Ensure boards, executives and technical teams understand quantum computing, the risks it brings and the urgency of action.
- Assess risk exposure: Identify where your organisation’s sensitive data is stored and how it’s encrypted.
- Build a roadmap: Develop a plan to transition to post-quantum cryptography, starting with the most critical systems.
- Collaborate with vendors: Partner with technology providers and join industry consortia working on quantum-safe solutions.
- Embed into governance: Incorporate quantum readiness into IT audits, regulatory compliance and risk frameworks.
It’s also essential to consider quantum-specific requirements in vendor contracts, data governance policies and digital transformation strategies.
A matter of leadership, not just technology
Quantum readiness isn’t just a technical milestone. It’s an opportunity for strategic leadership to leverage this new revolution of computational power while managing the risks it brings.
Business leaders in New Zealand and Australia must treat this not as an optional IT project but build quantum preparations into long-term resilience planning. Doing so will help protect sensitive data and position forward-thinking organisations to lead the next wave of digital transformation.
For more insights, including ISACA’s checklist for getting started, see: www.isaca.org/quantum-pulse-poll
Jamie Norton, CISA, CISM, CGEIT, CISSP, CIPM, is a board director of ISACA (a global community of IS/IT professionals) and a Chief Information Security Officer (CISO) with the Australian Government. With over 25 years of experience in cyber resilience across government and commercial sectors, he previously served as CISO at the Australian Taxation Office and held leadership roles at NEC, Tenable, Check Point, and the World Health Organisation. A long-time contributor to ISACA, he is also a frequent industry speaker and commentator on cybersecurity.
