Though widespread adoption of quantum computing may still be some way off, cybersecurity professionals outside the quantum computing community are now beginning to address how to future-proof their business against quantum threat. In particular, the threat of bad actors harvesting data to decrypt later when quantum technology matures, is one that is fast becoming a security concern.
Consequently, companies are beginning to protect their data with post-quantum cryptography (PQC), a type of algorithmic encryption that is resistant to attacks from quantum computers. PQC algorithms like Shor’s algorithm can break the encryption standards of classical computing.
Go deeper with GlobalData
The US National Institute of Standards and Cryptography (NIST) released three highly anticipated post-quantum cryptography algorithm standards in August 2024. These standards can be used to “secure a wide range of electronic information, from confidential email messages to e-commerce transactions that propel the modern economy,” according to NIST.
The NIST standards were created so that computer system administrators will be encouraged to, “begin transitioning to the new standards as soon as possible.”
But within the business community, the urgency to transition to PQC is up for debate.
Quantum computing timeline unknowable
Unlike classical computing, which is based on the binary bits representing either a 1 or a 0, quantum computing uses quantum bits (qubits) which draw on the properties of particle physics. The 1 and 0 of a binary system exist simultaneously in a quantum computing system as qubits, suspended in state called superposition. As researchers increase levels of qubits, the challenge is to maintain an error free system.
This technology challenge cannot be underestimated and predictions have already fallen short of actual progress in the field. While hype and investment in the technology peaked in 2021, quantum computing still promises to address some of the world’s most complex challenges with hitherto unimaginable levels of compute power.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataDespite the challenges that quantum computing companies face in the pursuit of an error free system with enough qubits for a working quantum computer, the technology promises use case opportunities across multiple sectors from frictionless real-time financial services transactions and modelling, drug discovery, advanced materials research, personalised healthcare to climate crisis solutions, transport optimisation and energy capture to name just a few.
But there are also risks, says Graeme Malcolm OBE, CEO and founder of Glasgow based quantum laser startup M Squared. “Because as quantum computing becomes available, some of our digital infrastructure becomes susceptible to encryption hacking. There are counter measures to take against these dangers and a lot of effort to move beyond current encryption to be quantum ready on the security side of things,” says Malcolm.
The banking sector is perhaps more prepared with plans to make their systems more reliable. “The little padlock that we see on the on the internet is based on RSA, and at certain point over the next decade or so, we’d expect that quantum computers will be able to break RSA,” warns Malcolm.
Quantum computing ready businesses
Most businesses do not view post-quantum encryption as critical to their security plan in 2025, says GlobalData principal analyst Steven Schuchart, noting the exception of companies within the defence and financial sectors.
“Enterprises do need to understand the issue and the scope of what would be involved in moving to a quantum-resistant encryption scheme – there are a lot of moving parts and they need a plan to tackle the problem,” says Schuchart.
But how much of a perceived versus a real threat is a harvest now, decrypt later threat and should companies be implementing a safeguarding plan now – or can they take a wait-and-see approach? After all, quantum computers, today, do not have the ability to break current encryption.
“While being concerned and informed about post-quantum encryption is a prudent stance for enterprises, harvest now and decrypt later is a more of a perceived threat with less to back it up, outside of national security.
“The relevance of any given piece of data has a finite life. Tactical data, to be used in the short to medium term, is just bulky dross in harvest now schemes. Long term strategic data would be the goal – but the problem with collecting everything is that you must store, decrypt, and then sort through…well everything. A tall order,” says Schuchart.
Schuchart advises companies to look at moving to a more modular way of handling encryption, one that can accommodate a move to quantum-resistant encryption in the future.
“This would allow for quick change over to any new encryption, not just quantum-resistant encryption and means that time and money spent on changes to make it easier to change encryption isn’t solely reliant on quantum computing’s timeline.
“This means understanding what you have now, and what you would need in order to implement a way to change encryption on the fly. Enterprises should be in planning mode, with implementation starting in 2026 or 2027,” says Schuchart.
Indeed, according to GlobalData Strategic Intelligence’s Quantum Computing report 2024, it may well be over a decade before companies have developed the number of error free qubits required for a working quantum computer. Hardware leaders at the forefront of development include IBM, Rigetti, D-Wave and Psi Quantum, as well as Google which is developing both hardware and software.
The urgency of quantum cryptography
Duncan Jones is a World Economic Forum Quantum Security Initiative Member and head of cybersecurity at Quantinuum, formed in late 2021 through a merger between Honeywell Quantum Solutions and the UK’s Cambridge Quantum Computing, a quantum software company with a strong specialisation in cybersecurity.
Jones has long been an evangelist for a proactive approach to quantum safe cryptography and views migration to post-quantum cryptography and quantum security technologies an urgent priority.
Working on the general timeline consensus that a working quantum computer is around 5-10 years away – though this was the timeline five years ago – Jones says organisations cannot afford to wait any longer as it could take equally as long to make cybersecurity systems quantum safe.
And given advancements in quantum technology this is becoming more urgent. Most recently, Google announced its latest quantum chip, Willow, in December 2024, which it claims can perform a standard benchmark computation in under five minutes that would take one of today’s fastest supercomputers 1025 years.
“When it comes to making such systems quantum safe, organisations must consider a layered approach. While post quantum cryptography provides the foundation with quantum resistant algorithms, adding in provable randomness and quantum key distribution (QKD) will strengthen an organisation’s defences,” says Jones.
QKD, transfers data using photons of light instead of the bits that classical computing uses. Confidential data – or a key to that data – transferred between two parties cannot intercepted or decrypted. Any third-party interference will change the state of the photon carrying the key, thereby blocking the transfer and flagging that the communication is not secure. In other words, it’s unbreakable.
Above all, keeping abreast of the threats, in a manner that Jones describes as “crypto agility” is critical. “Organisations must be able to adapt as threats evolve,” he adds.
