Learn@IoD
Cart

Top 5 issues: 4. Quantum leaps ahead

type
Boardroom article
author
By Guy Beatson, General Manager, and Susan Cuthbert, Principal Advisor – Governance Leadership Centre, IoD
date
18 Dec 2024
read time
2 min to read
Top 5 issues: 4. Quantum leaps ahead

As the saying goes, ‘you ain’t seen nothing yet’. AI is beginning to revolutionise many companies and organisations, and we have only seen the beginning in New Zealand. And there is more to come potentially sooner than we expect, including quantum computing. Familiarity with these advancements will help boards guide their organisations in seizing opportunities and mitigating risks in an evolving technological landscape.

Starting in late 2022, chat interfaces with AI took the world by storm, even though AI had existed for decades. A new and faster wave of technological progress, especially in areas such as AI and quantum computing, has the potential to reshape entire industries and is starting to do so internationally. 
 
Quantum computing, once it moves from the research lab to initial commercial use, promises a level of computational power that could change how organisations tackle complex challenges. At the same time, AI is increasingly central to strategic decisions, automating intricate processes and enhancing decision-making. Understanding how  these technologies could influence their organisations will help directors make well-informed choices. 
 
New Zealand firms and organisations are still playing catch-up with AI. Quantum computing, when it hits, will add to the snowball of change that needs to be anticipated to build resilient organisations and take advantage of this further significant technological change. 
 
This will require further investment where there is already a level of tech debt. Taking short-term routes for digital technology to achieve immediate goals can create future challenges that require more resources down the track. For example, quick fixes to address cyber security vulnerabilities now and not addressing the underlying issues can cause significant issues later. 

Why it matters

Quantum computing will offer the potential to address problems that traditional computers cannot manage, providing breakthroughs in areas such as climate modelling, financial risk analysis and managing complex logistics.

Organisations will find new ways to optimise operations or innovate their offerings. AI, synthetic data and other digital tools are fundamentally changing how businesses think about strategy, manage risks and drive innovation. 

For directors, navigating this rapidly evolving area requires balancing investments in today’s technologies, while keeping an eye on the possibilities that quantum computing and other advancements might bring. 

Even if it is not yet with us in our day-to-day lives, the development of quantum computing is advancing rapidly and has significant implications for cyber security. ‘Q-day’ is the anticipated moment when quantum computers will become powerful enough to break current encryption algorithms, effectively compromising the cyber security infrastructure relied upon globally.

As directors and board members, it is imperative to recognise that current encryption methods could be rendered ineffective overnight. There are credible reports of cyberattackers stockpiling encrypted data now, with the intent to decrypt it once quantum technology becomes capable. This means sensitive information that seems secure today could be exposed in the future. Underscoring the urgency of the situation, the United States Government has already issued executive orders and guidance on preparing for quantum cyber security threats. As a further signal of the imperative around this technology, the US National Institute of Standards and Technology (NIST) has released the first three finalised post-quantum encryption standards. 

Directors and boards should prioritise staying informed, assess their organisation’s readiness and support management in appropriately anticipating these developments, rather than having a ‘blind spot’. This includes beginning to consider investing in quantum- resistant cryptographic solutions and updating security protocols accordingly. By taking steps over the next year or two, boards will help to not only safeguard their organisation’s assets but also ensure compliance with emerging regulations. The window for preparation is narrowing. 

At the same time, quantum computing won’t just be a challenge for cyber security. It has the potential to bring opportunities for better protection, with quantum encryption creating secure communication channels, reducing the risk of data being intercepted. 

FOCUS ACTIONS DISCUSSION
Preparing for technological change
  • Directors and boards can take steps to enhance digital technology literacy with focused deep dives on emerging digital technologies and their impact

 
  • What initiatives should the board implement to ensure board members are sufficiently informed about quantum computing’s potential and risks to our industry?
  • How can the board integrate insights from quantum computing experts into strategic planning and ongoing board education efforts?
Balancing timing and investment
  • Add quantum computing readiness into existing strategies and risk management frameworks, using scenarios to assess the potential impact and timing
  • What are the most critical risks quantum computing poses to current data security practices and how should the board address them proactively?
  • How does the board align the organisation’s strategic objectives to leverage quantum advancements without jeopardising existing technology investments and frameworks?
Future-proofing technology decisions
  • Ensure technology strategies approved by the board are flexible and adaptable enough to anticipate and accommodate further quantum computing developments
  • What governance structures can the board develop to remain agile as quantum computing evolves, and new capabilities become viable?
  • How should the board structure partnerships or collaborations with research institutions to keep pace and apply relevant advancements effectively?
Considering data security and risk management
  • Review existing cyber security policy so it reflects the potential risk that quantum computing poses for current encryption methods

 
  • What steps must the board take now to transition the organisation’s data protection measures to post-quantum cryptography, and what timeline should be set for this implementation?
  • How does the board evaluate the potential impact on current risk management and cyber security strategies, and what contingencies should we prepare?