Factors Influencing the Adoption of Quantum Cryptography in the Cybersecurity Industry
J. van Mil (TU Delft - Applied Sciences)
C. Wehrmann – Mentor (TU Delft - Groep Science & Engineering Education)
É. Kalmár – Graduation committee member (TU Delft - Creative Processes)
Julia Cramer – Graduation committee member (Universiteit Leiden)
J. van Keulen – Graduation committee member (TU Delft - Groep Science & Engineering Education)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Encryption is central to securing communication and information exchange in today’s digital society. The rapid progress of quantum computing poses a major threat to this. Once cryptographically relevant quantum computers become available, widely used cryptographic systems could be broken. Quantum cryptography, with protocols such as Quantum Key Distribution (QKD) and newer foundations of protocols such as Quantum Secure Function Evaluations, is being developed as a possible solution. Yet, an open question remains whether industry is ready and willing to adopt these technologies once they move beyond research. This adoption challenge is further complicated by the dynamics of technological hype. The excitement around quantum technologies has attracted investment and media attention and inspired national strategies. However, it also risks inflating expectations and shaping priorities in ways that may not align with practical realities, as has happened with technologies like blockchain.
Against this backdrop, it becomes essential to examine how experts in cybersecurity and quantum research perceive quantum cryptography, navigating between justified optimism and potentially misleading expectations.
Research aim and approach
This thesis explores the factors influencing the adoption of quantum cryptography in the Dutch cybersecurity industry and presents a communication tool for those who promote quantum cryptography, to help enhance future narratives surrounding adoption.
How can the opportunities and challenges of adopting quantum cryptography in the Dutch cybersecurity industry be understood through insights into stakeholder perceptions and adoption dynamics?
This is further broken down into four subquestions:
1. How is quantum cryptography perceived in the cybersecurity industry in the Netherlands?
2. Which theoretical perspectives can help explain the dynamics of innovation and technology adoptionrelevant to quantum cryptography?
3. What insights from adoption models of other security technologies can inform a tailored adoption model for quantum cryptography?
4. How do experts from cybersecurity and quantum cryptography assess the adoption of quantum cryptography in the cybersecurity industry, and which factors do they identify as most influential?
The findings to these research questions are applied in the design of a communication tool to conclude this research.
To answer these questions and apply them in a design, the research followed a triple diamond model (Discover–Define × 2 – Develop–Deliver). The first two diamonds focused on research and analysis, while the third translated findings into a communication design. The methodology combined:
1. A background study of perceptions of quantum cryptography in the cybersecurity industry;
2. The construction of a theoretical framework, drawing on adoption and innovation models;
3. A systematic literature review of adoption models for comparable disruptive security technologies (AI, blockchain, IoT);
4. Expert interviews with professionals in cybersecurity and quantum cryptography;
5. A design phase producing a communication tool to address narrative challenges.
Findings
Perceptions in the Dutch cybersecurity industry
The Dutch cybersecurity field is aware of the quantum threat but demonstrates little urgency or coordination in its response. Awareness is largely concentrated on QKD, with limited recognition of other quantum cryptographic protocols. Quantum cryptography is often viewed as a far future solution rather than an imminent opportunity.
Theoretical framework
Three dimensions help explain adoption dynamics:
• Why innovation is necessary: framed through the Red Queen hypothesis, cybersecurity is seen as a continuous race between attackers and defenders, with quantum computing as a disruptive shift.
• What drives or constrains adoption: Protection Motivation Theory highlights the role of perceived threats and coping abilities, while security economics reveals systemic disincentives for adoption.
• How adoption unfolds: models such as TAM, UTAUT, TOE, and DOI provide insights into processes of acceptance, diffusion, and integration. Together, these perspectives contextualise adoption of quantum cryptography as both a behavioural and systemic phenomenon.
Insights from adoption models of other technologies
Adoption studies of AI, blockchain, and IoT show that effective models are built by combining different theoretical frameworks and adding technology-specific factors. For quantum cryptography, a hypothetical adoption model is proposed that integrates TAM and TOE, supplemented by DOI innovation characteristics (e.g. relative advantage, complexity, compatibility). Additional factors such as perceived trust and perceived security are highlighted, given their critical importance in the context of data security
technologies.
Expert assessments and influential factors
Interviews revealed that adoption of quantum cryptography will depend most strongly on
• A convincing business case (marketing and relative advantage);
• Environmental drivers (standards, certifications, and government regulations);
• Social influence, including hype and lobbying.
Barriers are predominantly technological (complexity, immaturity, fragility of infrastructure, comparison with capabilities of classical cryptography) and organisational (knowledge gaps in both cybersecurity and quantum communities, cost considerations). Importantly, many factors interact: for example, complexity undermines perceived ease of use and trust, while immaturity diminishes relative advantage. To capture these interdependencies, an infographic synthesis was developed, mapping adoption factors, their relationships, and stakeholder perspectives. This visualisation serves both as an analytical synthesis and a decision-support tool, highlighting factors that have greater or more direct impacts on adoption intention and how their effects are viewed by stakeholders.
Design contribution
Building on the findings, a communication tool was designed to address the issue of fragmented narratives. Stakeholders often rely on a single narrative, such as the hype of absolute security. This oversimplifies the reality of quantum cryptography and risks undermining trust. The design introduces the ”Dice of Narratives of Quantum Cryptography”, a metaphorical cube with six narrative perspectives. Just as one cannot see all faces of a dice at once, stakeholders rarely perceive all narratives simultaneously. Rolling the dice becomes a way to encounter multiple perspectives, emphasising that only by combining narratives one can make a more balanced and trustworthy story. The tool is intended for use in policy workshops on conferences (e.g. Quantum Meets), engaging stakeholders such as policymakers, industry leaders, and advocates. By encouraging participants to combine and compare narratives, the tool promotes more nuanced discussions between stakeholder, so future users can make better informed decisions.
Future research directions
This exploratory study of quantum cryptography adoption in the Dutch cybersecurity industry suggests several avenues for further research. First, the proposed hypothetical adoption model could be validated through larger-scale surveys to assess the relative weight and interactions of factors across stakeholders. Longitudinal studies could track how perceptions evolve alongside technical developments and pilot projects. Comparative research across countries would reveal how adoption dynamics differ under varying levels of investment, regulation, and infrastructure readiness. The influence of hype, lobbying, and narratives needs deeper investigation, starting with systematic mapping of currently circulating narratives in industry, policy, and media. The role of standards and certifications on trust, investment decisions, and experimentation should also be explored. Finally, the adoption dynamics infographic that resulted from this research, provides additional paths for design-oriented studies, investigating how different lines of influence can be visualised, communicated, and tested in practice.