Cybersecurity in a Post-Quantum World: Strategic Implications on Securing Data Encrypted by RSA Encryption
Boxström, Johnny (2025)
2025
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025111127720
https://urn.fi/URN:NBN:fi:amk-2025111127720
Tiivistelmä
Quantum computers are developing quickly, and this means that a post-quantum cybersecurity scenario where current encryption algorithms can be broken using a powerful enough quantum computer might become reality sooner than we think. The aim was to study strategic implications for companies, should such a scenario become reality.
This thesis studied the feasibility of a quantum computing breakthrough that could one day break the RSA cryptosystem. The second topic that this thesis explored was how well companies in Finland are aware of such a threat. The third topic focused on creating a framework based on existing strategy and IT frameworks, combined with insights into the post-quantum cybersecurity threat, to establish a new framework that can help companies in establishing a post-quantum cybersecurity strategy.
Previous research on the topic was used as a source of information to answer the research questions as well as a semi-structured interview on the topic, to gain better understanding of the awareness, preparedness, actions and communication on post-quantum cybersecurity in Finnish companies.
The thesis concluded that the threat is real, and actions have already been taken on a national level in Finland through updated National Cybersecurity and Quantum Technology strategies to mitigate the risks. The companies participating in the interviews had not taken any concrete action yet towards a post-quantum cybersecurity strategy, but they found it relevant and thought that a strategic framework regarding the topic would be helpful to develop such a strategy in the future.
Finally, a strategic framework was created using SWOT and PESTLE, in combination with common IT Risk development frameworks and prepopulated with questions that were formulated based on insights from previous research on post-quantum cybersecurity as well as from the interviews.
This thesis studied the feasibility of a quantum computing breakthrough that could one day break the RSA cryptosystem. The second topic that this thesis explored was how well companies in Finland are aware of such a threat. The third topic focused on creating a framework based on existing strategy and IT frameworks, combined with insights into the post-quantum cybersecurity threat, to establish a new framework that can help companies in establishing a post-quantum cybersecurity strategy.
Previous research on the topic was used as a source of information to answer the research questions as well as a semi-structured interview on the topic, to gain better understanding of the awareness, preparedness, actions and communication on post-quantum cybersecurity in Finnish companies.
The thesis concluded that the threat is real, and actions have already been taken on a national level in Finland through updated National Cybersecurity and Quantum Technology strategies to mitigate the risks. The companies participating in the interviews had not taken any concrete action yet towards a post-quantum cybersecurity strategy, but they found it relevant and thought that a strategic framework regarding the topic would be helpful to develop such a strategy in the future.
Finally, a strategic framework was created using SWOT and PESTLE, in combination with common IT Risk development frameworks and prepopulated with questions that were formulated based on insights from previous research on post-quantum cybersecurity as well as from the interviews.