Commvault Boosts Quantum-Safe Encryption To Tackle Emerging Cyber Risks
Commvault has expanded its quantum-safe encryption toolkit, becoming one of the first major cyber resilience vendors to support the Hamming Quasi-Cyclic (HQC) algorithm—part of its broader strategy to protect against next-generation threats enabled by quantum computing.
The company announced today that its Commvault Cloud platform now supports HQC, a NIST-recommended algorithm designed to address 'harvest now, decrypt later' risks. These involve adversaries capturing encrypted data today to decode it in the future, once quantum computing reaches sufficient maturity.
'Quantum computing will change everything we know about encryption and cyber defence,' said Bill O'Connell, Commvault's CSO. 'Our goal is to stay ahead of these shifts, giving customers the tools they need before threats materialize.'
Commvault's commitment to post-quantum cryptography dates back to August 2024, when it introduced a crypto-agility framework and support for standards like CRYSTALS-Kyber and SPHINCS+. With today's additions, the company continues to set the pace in an increasingly urgent race.
The update is especially relevant for sectors like healthcare and finance, where data must be protected for decades. Commvault's Risk Analysis tools help organizations pinpoint which data sets could benefit from quantum-safe encryption, making the transition easier through a simple checkbox interface.
'Quantum readiness has become a business imperative,' said IDC's Phil Goodwin. 'Commvault's leadership in this space positions it as a proactive player in data protection.'
The PQC features are immediately available for all Commvault Cloud users on version CPR 2024 (11.36) and above.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
5 days ago
- Techday NZ
ANZ businesses overestimate cyber readiness amid resilience gap
A new study by Commvault has shown that most business leaders in Australia and New Zealand overestimate their preparedness for cyberattacks, with many experiencing confusion and delays following incidents. The annual report, titled "The State of Data Readiness – Continuous Business in Focus", was commissioned by Commvault and conducted by Tech Research Asia. It draws on the views of 408 business leaders across the region and examines the readiness of organisations to handle cyber threats and maintain business continuity. The findings reveal a critical difference between perceived and actual resilience. While most organisations believe they have robust plans to recover from cyberattacks, only 12% rate their ability to operate effectively during an incident as 'excellent'. Nearly a quarter rate themselves as 'bad' or 'terrible' when it comes to resilience during a cyber event. Widespread attacks According to the study, 70% of organisations in Australia and New Zealand experienced a cyberattack in the past year. Almost all were subjected to ransomware demands. Interestingly, while 54% of surveyed companies have policies not to pay ransoms, 15% of those still made payments when faced with real-world incidents. Expectations among business leaders around recovery times diverge significantly from reality. 80% expect systems to be restored within five days of a cybersecurity event. Almost a quarter believe their organisation can recover fully in a single day. In practice, IT leaders report it takes an average of four weeks to reach even a minimum level of operational recovery, with 55% of organisations requiring more than a week to restore key functions. Notably, 20% of respondents say it takes their business an average of 45 days to fully recover from a cyber incident, compared to a global average of 24 days. This mismatch underscores a resilience gap that presents particular challenges for organisations as they confront rising attack volumes and operate within the context of some of the world's strictest cyber and privacy regulations. Growth in cloud adoption and data sprawl, combined with emerging requirements such as artificial intelligence rules and increasing compliance pressures, mean that resilience strategies must continually adapt. "The data is clear - many ANZ organisations still treat cyber resilience as a post-incident task, and not a strategic priority," commented Martin Creighan, Vice President, Asia Pacific. "The rising frequency and impact of cyberattacks across the region should serve as a wake-up call. With recovery times stretching into weeks, the risk to business continuity has never been higher. Resilience must be driven from the boardroom - not just the IT team," added Creighan. Rising complexity and compliance While data growth in the region slowed moderately at 27%, the complexity of IT infrastructures increased. 62% of organisations now operate in hybrid or multi-cloud environments. However, over half of companies in both Australia (54%) and New Zealand (63%) report lacking full visibility into their cloud environments, including relationships, metadata, and system dependencies. This level of visibility is necessary for a coordinated and effective recovery when incidents occur. Compliance issues further complicate recovery efforts. 34% of businesses surveyed are subject to at least four different regulatory and compliance requirements, such as APRA and SoCI rules. 27% admit that they are uncertain about the regulations with which they need to comply to be fully legal. Additionally, 54% face conflicting regulatory regimes for cross-border data transfers, increasing the pressure to achieve resilience not only technologically but also through compliance readiness. Incident responses lag The research finds that although the majority (70%) of organisations have incident response plans, only 30% regularly test all mission-critical systems. This lack of comprehensive testing leaves concealed weaknesses in cyber recovery strategies. The consequences of such gaps can be severe. Three quarters of companies surveyed (74%) have experienced data exfiltration, and one third lost access to all data following a cyber incident. Only 32% managed to recover 100% of their data after an attack. "True resilience doesn't begin at the point of attack, it is built long before," said Gareth Russell, Field CTO, Asia Pacific, Commvault. "We need to shift from a response mindset to a readiness mindset where one must ask the hard questions: 'If we were hit tomorrow, how quickly and how cleanly, could we recover?' If that answer isn't clear, then investment and focus are urgently needed." Added Russell. The report is based on a survey of Chief Information Officers, Chief Information Security Officers, IT Leaders, decision makers, and their direct reports from across Australia and New Zealand. The snapshot highlights the continuing challenges faced by the region's organisations as they strive to strengthen cyber resilience in an evolving landscape.
Scoop
5 days ago
- Scoop
Hidden Costs Of Ransomware: ANZ Businesses Admit To Paying Despite ‘No Payment' Policies
Ransomware is revealing the fragility of policy over panic. New research released today by Commvault has exposed how many Australian and New Zealand organisations are abandoning their official stances when confronted with real-world ransomware attacks. The report—based on responses from over 400 business and IT leaders across the region—found that while 54% of organisations had formal 'no payment' policies in place, 15% of them still chose to pay the ransom when hit. That contradiction highlights how operational pressure and reputational fears often override cyber response plans in the heat of the moment. In total, 70% of organisations reported experiencing a cyberattack in the past 12 months, with the overwhelming majority involving ransomware demands. Alarmingly, one in three companies lost access to all their data during the attack. Only 32% were able to recover 100% of their data. 'The fact that some companies are willing to pay, despite the risks and the policy, is a sign that they feel they don't have a viable alternative,' said Gareth Russell, Field CTO for Asia Pacific at Commvault. 'That's not resilience—that's desperation.' The report highlights the role of inadequate preparation and testing. Although 70% of respondents said they had an incident response plan, only 30% test it thoroughly across all mission-critical workloads. The result? Severe blind spots that only become obvious after it's too late. Ransomware payment is not just a moral and legal concern—it has long-term operational and compliance implications. Cybercriminals who receive payment are more likely to target the same organisation again, and paying may not guarantee full data restoration. The Commvault report urges organisations to shift from reactive playbooks to proactive investment in backup, testing, and cyber resilience planning. 'True resilience doesn't begin at the point of attack—it's built long before,' Russell added.
Techday NZ
5 days ago
- Techday NZ
Diligent named leader in IDC MarketScape for GRC software 2025
Diligent has been named a Leader in the IDC MarketScape Worldwide Governance, Risk, and Compliance Software 2025 Vendor Assessment. The recognition places Diligent at the forefront of global governance, risk and compliance (GRC) software providers, following a period of product launches and acquisitions focused on enhanced AI-powered GRC capabilities. Report findings The IDC MarketScape's assessment, one of the sector's most detailed analyses, evaluates software vendors based on both qualitative and quantitative criteria over a projected three-to-five-year timeframe. Diligent was reviewed on the strength of its strategic vision and the capabilities of its products. In the report, IDC MarketScape notes: "The Diligent One Platform is a true single platform of AI-powered cross-organisational GRC capabilities that are modular, enabling customers to be met where they are in their GRC maturity journey." The report continues by highlighting that Diligent's solutions are "the gold standard in board reporting" and that its roadmap "promises unique and value-added outcomes so organisations can truly manage risk and compliance bottom up." Platform and approach Diligent's suite of GRC offerings includes new products such as GovernAI and AI Risk Essentials, as well as the acquisition of Vault Platform, an AI-powered ethics and compliance solution. These moves are cited as reinforcing the company's focus on delivering GRC solutions leveraging artificial intelligence. Brian Stafford, President and Chief Executive Officer of Diligent, commented on the announcement. "Being named a Leader in the IDC MarketScape for GRC Software is not only a testament to our AI-powered platform but also a reflection of our unwavering commitment to our clients across the globe. We are grateful to the over 25,000 clients who trust Diligent for AI-powered governance solutions every day. As the global leader in GRC innovation for 20+ years, we're dedicated to providing best-in-class GRC solutions that drive operational excellence and mitigate risk." Phil Harris, Research Director, Governance Risk & Compliance Services at IDC, also addressed the reasoning behind Diligent's Leader placement. "Diligent has been positioned as a Leader in the evaluation of the Worldwide Governance, Risk and Compliance Software providers for its strategic, comprehensive and robust AI platform. The Diligent One Platform can power company-wide GRC capabilities for organisations of every size and maturity level." Industry context Diligent's recognition from IDC MarketScape adds to other industry endorsements, including those from Chartis and Forrester, as well as positive feedback on review sites such as G2 and Trust Radius. The IDC MarketScape assessment model provides an overview of the competitive positioning of technology suppliers in distinct markets, rating participants based on both product and service offerings, and the strategies underpinning their medium- to long-term success. Diligent reports serving more than 1 million users and 700,000 board members globally, providing technology to support risk management, governance processes and decision-making. Follow us on: Share on:
