The emergence of quantum computing poses a significant threat to modern encryption standards, with the potential to render widely used cryptographic protocols obsolete. To mitigate this risk, organizations must transition to post-quantum cryptography (PQC), a process that requires technical, operational, and strategic adjustments. However, the pace and approach to adoption vary across industries and organizational size, influenced by both external pressures and internal capabilities. This study employs a mixed-methods approach, incorporating 14 expert interviews and survey responses from 37 cybersecurity professionals to examine the factors driving and inhibiting PQC adoption. The findings reveal that while regulatory mandates play a role, organizations are increasingly guided by risk exposure and reputational concerns. Key challenges include resource constraints, reliance on third-party vendors, and the complexity of cryptographic inventory assessments and legacy systems. Despite these challenges, the study found that PQC adoption will accelerate as risk awareness grows and implementation guidelines become available. It emphasizes the importance of a strategic, resilience-focused approach to cybersecurity, incorporating cryptographic agility, continuous assessments, and hybrid encryption solutions to navigate the evolving threat landscape.
| Date of Award | 5 May 2025 |
|---|
| Original language | English |
|---|
| Awarding Institution | - Universidade Católica Portuguesa
|
|---|
| Supervisor | Peter V. Rajsingh (Supervisor) |
|---|
- Quantum computing
- Cybersecurity
- Post-quantum cryptography
- Risk management
- Cryptographic agility
- Technology adoption
- Dynamic capabilities
Adoption of post-quantum cryptography in organizations: challenges and drivers
Zimmermann, D. (Student). 5 May 2025
Student thesis: Master's Thesis
