Quantum Computing & Cybersecurity

What You Need to Know Today
David Morrison
July 6, 2025

The Hype vs. The Reality

AI may be dominating the headlines right now, but another question I’m increasingly hearing from boards and executives is about quantum computing — and whether it poses a real threat to their business. 

While quantum computing has been hitting technology and cybersecurity headlines for years, it is often framed as either a revolutionary breakthrough or an impending doom for security as we know it. The reality lies somewhere in between. 

 Quantum computers use principles of quantum mechanics to process information in fundamentally different ways than classical computers. While this makes them incredibly powerful for certain types of calculations, they are still in their infancy. Current quantum systems are experimental, unstable, and limited in scale. 

Despite the progress being made by companies like Google, IBM, and others, we are still years—if not decades—away from large-scale, fault-tolerant quantum computers that could break modern encryption. But forward-looking threat actors aren’t waiting for that day — they’re already stealing encrypted data now, planning to decrypt it when the technology catches up. 

 

This shifts the risk conversation: it’s not about when encryption will break, but about how long your encrypted data needs to stay secure. If that data will still be sensitive in 5, 10, or 20 years, now is the time to start thinking about quantum resilience. 

The ‘Harvest Now, Decrypt Later’ Threat

One of the biggest concerns with quantum computing isn’t that encryption will be broken overnight—it’s that threat actors are already thinking ahead. The strategy known as “harvest now, decrypt later” involves intercepting and storing encrypted data today, with the intention of decrypting it in the future when quantum computers become powerful enough to break modern cryptographic protections. 

 While this might not seem like an immediate issue, it’s particularly relevant for organisations handling data with long-term value. For example: 

  • Intellectual Property & Trade Secrets – A patent, proprietary algorithm, or business strategy stolen today could be decrypted in 5–10 years, just as it becomes most commercially valuable. 
  • Medical & Financial Records – Personally identifiable information (PII), financial transactions, and health records can remain useful to cybercriminals for decades. 
  • Government & Defence Data – National security information, diplomatic communications, and classified intelligence often retain strategic value for decades or longer. 

 This is why some governments and industries are already working towards quantum-resistant encryption, even though practical quantum threats are still years away. The real risk isn’t quantum computing itself—it’s the data being stolen today that could be exposed later when current encryption methods become obsolete. 

For businesses, the key question today isn’t “when will quantum computers break encryption?” but rather “will my encrypted data still be valuable when that happens?” 

Is Your Data at Risk in 5+ Years?

Not all data needs quantum-resistant protection, but some types of information retain their value well beyond the typical lifespan of today’s encryption methods. The key question for businesses is: 

Will your data still matter in 5, 10, or 20 years if it were suddenly decrypted? 

 To assess this, consider: 

  • Short-Lifespan Data – Information like credit card numbers or short-term contracts may not need quantum-safe encryption, as they will likely be obsolete before quantum decryption is possible. 
  • Medium-Term Data – Employee records, legal agreements, and business negotiations could still be sensitive in a decade, especially if they relate to financial commitments or regulatory compliance. 
  • Long-Term Data – Intellectual property, trade secrets, medical records, and classified information may remain valuable (or damaging) for decades, making them prime targets for “harvest now, decrypt later” attacks. 

For highly regulated industries—such as financial services, healthcare, legal, and government—data longevity is a critical concern. A leaked contract or decrypted email from 2024 might not matter in 2030, but a decrypted biometric database, trade agreement, or medical research study could have serious consequences. 

Businesses should start by identifying their most sensitive, long-term data and evaluating whether it would still pose a risk if exposed in the future. This doesn’t mean adopting quantum-resistant encryption overnight, but it does mean being strategic about what data to protect and when to start planning for post-quantum security. 

Preparing for a Post-Quantum Future

While quantum computing isn’t an immediate threat, forward-thinking organisations are already preparing for a future where current encryption methods become obsolete. The transition won’t happen overnight, but businesses that take early steps will be better positioned to protect their long-term data. 

Post-Quantum Cryptography (PQC)

Governments, cybersecurity researchers, and standards bodies—such as NIST (National Institute of Standards and Technology)—have been working on quantum-resistant encryption algorithms. 

  • These algorithms are designed to withstand both classical and quantum attacks, providing a foundation for the future of secure communications. 

With these standards now finalised, organisations should focus on assessing their cryptographic dependencies and planning their transition rather than waiting for further updates. 

Hybrid Encryption Strategies

Many organisations are adopting hybrid encryption, which combines traditional and quantum-resistant encryption to ensure a smoother transition. This approach provides a layered security model, ensuring data remains protected both now and in the future. Hybrid strategies allow businesses to start implementing quantum-resistant cryptography without immediately replacing all existing systems. 

Industry & Government Initiatives

Governments and major industries are already taking action: 

  • Tech Industry Adoption – Companies like Google, Microsoft, and IBM are integrating post-quantum encryption into their security architectures. 
  • Financial & Healthcare Sectors – Industries that rely on long-term sensitive data protection (e.g., financial services, healthcare, legal) are evaluating quantum-safe encryption strategies. 

So What Should Businesses Do Right Now?

Quantum computing isn’t an immediate crisis, but businesses shouldn’t ignore it either. While large-scale quantum attacks are still years away, organisations handling long-term sensitive data should start preparing now to avoid being caught off guard. Here are some practical steps to take today: 

  1. Identify Data with Long-Term Sensitivity
     • Conduct a data inventory to determine which information could still be valuable (or damaging) in 5–10 years.
     • Prioritise protecting intellectual property, financial records, medical data, and government/regulatory information.
  2. Assess Your Risk Exposure
     • Evaluate how much of your encrypted data could be stolen today and decrypted later.
     • Consider whether your organisation needs to start transitioning to quantum-safe encryption for certain types of data.
  3. Stay Updated on Post-Quantum Cryptography
     • Follow developments from NIST, NSA, and industry leaders working on post-quantum encryption standards.
     • Monitor software and hardware vendors to understand when they will support quantum-resistant cryptography.
  4. Engage with Vendors & Partners
     • Ask cloud providers, SaaS vendors, and other third-party partners about their quantum security roadmap.
     • Ensure they have a plan for transitioning to post-quantum encryption.
  5. Develop a Long-Term Transition Strategy
     • Quantum migration isn’t an overnight switch—it will require gradual adoption of quantum-resistant encryption.
     • Consider a hybrid encryption approach, where both traditional and quantum-safe encryption methods are used together until full migration is possible.
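
The first two steps above can be turned into a repeatable triage over an asset inventory. The following is an added example, not part of the original article: it flags an asset when the years its data must stay confidential plus the years needed to migrate exceed an assumed number of years until quantum decryption is viable (the inequality usually attributed to Michele Mosca). The inventory, field names, algorithm lists and the 12-year horizon are constructed assumptions, not predictions.

```python
from dataclasses import dataclass

# Public-key schemes that Shor's algorithm breaks on a large fault-tolerant quantum computer.
VULNERABLE_PREFIXES = ("RSA", "DH", "ECDH", "X25519")
# Treated as quantum-resistant in this example (ML-KEM is standardised in NIST FIPS 203).
RESISTANT_PREFIXES = ("ML-KEM",)

@dataclass
class Asset:
    name: str
    key_protection: str    # e.g. "RSA-2048", or a hybrid written as "X25519+ML-KEM-768"
    shelf_life_years: int  # how long the data must stay confidential
    migration_years: int   # estimated time to move this system to quantum-safe crypto

def classify(key_protection):
    """Assumes a correctly combined hybrid ("A+B") stays secret if any part resists."""
    parts = [p.strip().upper() for p in key_protection.split("+")]
    if any(p.startswith(RESISTANT_PREFIXES) for p in parts):
        return "resistant"
    if all(p.startswith(VULNERABLE_PREFIXES) for p in parts):
        return "vulnerable"
    return "unknown"       # unrecognised scheme: needs manual review, not a pass

def triage(assets, years_to_quantum):
    """Return (name, status, exposed_years) for at-risk assets, worst exposure first."""
    findings = []
    for a in assets:
        status = classify(a.key_protection)
        exposed = a.shelf_life_years + a.migration_years - years_to_quantum
        if status != "resistant" and exposed > 0:
            findings.append((a.name, status, exposed))
    return sorted(findings, key=lambda f: f[2], reverse=True)

# Constructed sample inventory (hypothetical systems and figures).
INVENTORY = [
    Asset("card-payments-api", "ECDH-P256", 2, 2),
    Asset("hr-employee-records", "RSA-2048", 10, 3),
    Asset("clinical-research-archive", "RSA-4096", 25, 4),
    Asset("design-ip-vault", "X25519+ML-KEM-768", 20, 0),
    Asset("legacy-vpn", "CUSTOM-KEX", 15, 3),
]

if __name__ == "__main__":
    for name, status, exposed in triage(INVENTORY, years_to_quantum=12):
        print(f"{name}: {status}, exposed for ~{exposed} years after decryption becomes viable")
```

Run it with several horizons rather than a single figure; assets that stay flagged across the whole range are the ones to migrate first.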

Final Thoughts

Businesses don’t need to panic about quantum computing yet, but they should start planning. The key takeaway is to assess whether your encrypted data will still matter when quantum decryption becomes viable. If the answer is yes, then it’s time to start tracking quantum security developments and ensuring your organisation is ready for the shift. 

On a side note, this article is based on publicly available information as of May 2025. I’m looking forward to revisiting it in 5+ years to see how well it’s aged — or whether a major breakthrough has accelerated the timeline 😊 

If you’re unsure whether your organisation should start preparing for quantum risks, we’re happy to help you assess your data sensitivity and readiness roadmap. Just reach out. 

David Morrison

David is the Co-CEO of Morrisec. With a wealth of experience spanning more than two decades, David has established himself as a leading cybersecurity professional. His expertise and knowledge have proven invaluable in safeguarding organisations from cyber threats across a gamut of industries and roles.
