<a href="https://www.ibm.com" rel="nofollow">https://www.ibm.com</a> seems to work OK. As long as they're not using <a href="https://ibm.com" rel="nofollow">https://ibm.com</a> for anything, I guess that's not such a big deal.<p>Of course it makes sense to fix it though.
<a href="http://ibm.com" rel="nofollow">http://ibm.com</a> redirects to <a href="http://www.ibm.com" rel="nofollow">http://www.ibm.com</a> and so on. Not https.