Your encryption is already obsolete. Quantum will crack it — unless you move now to post-quantum security.

Quantum computing is poised to redefine the technological landscape. While its potential to transform industries like pharmaceuticals and new material creation is well known, its implications for enterprise security are just as profound — and far more urgent.
The quantum threat to encryption
Most of today’s encryption methods make it virtually impossible for attackers to decode information without access to the correct keys. Today’s protocols are based on mathematical problems such as factoring the product of large prime numbers, which would take even the fastest classical computers millions of years to solve. Two widely used methods rely on factoring such products (RSA) and on elliptic curve mathematics (ECC), and both will be vulnerable to quantum attacks.
The anticipated speed of quantum computers is what makes them dangerous. Shor’s algorithm, developed in the 1990s, showed that a powerful enough quantum computer could break RSA-based encryption by factoring these large numbers with ease. While no machine today has the required scale, progress suggests it’s only a matter of time.
This poses an existential risk for enterprises. Sensitive communications, transactions, intellectual property and even national security data protected by current standards could be exposed. Even more concerning, encrypted data intercepted today could be stored and decrypted years from now — once quantum computers are capable — through a ‘harvest now, decrypt later’ strategy.
The promise of post-quantum cryptography
Thankfully, the cybersecurity community is preparing. Researchers are developing post-quantum cryptographic (PQC) algorithms designed to withstand quantum attacks. These new methods rely on mathematical problems that remain hard even for quantum systems.
In 2022, the U.S. National Institute of Standards and Technology (NIST) announced a first group of PQC algorithms for standardization, including lattice-based schemes like CRYSTALS-Kyber and CRYSTALS-Dilithium.
Enterprises should begin auditing their cryptographic infrastructure and testing quantum-resistant protocols. But the transition won’t be easy. Legacy systems may need major updates, and achieving global interoperability will be complex. CISOs must treat this as a strategic priority and plan accordingly.
Quantum key distribution: The secure channel of the future
While PQC is a strong defense, quantum technologies can also be used offensively — against attackers. Quantum key distribution (QKD) is one such tool. It enables encryption keys to be exchanged securely using quantum mechanics.
QKD uses photons, the smallest units of light, to transmit encryption keys. Any attempt to intercept them disturbs their quantum state, alerting the sender and receiver. This makes QKD theoretically immune to interception: eavesdropping reveals itself by altering the quantum state, which breaks the common key.
China is leading the way in QKD. In 2016, it launched the Micius satellite, which demonstrated QKD between ground stations thousands of kilometers apart, a milestone in secure quantum communications. There are also several other live deployments that use fiber-based communications to transport the photons. These systems are currently limited to a few hundred miles in the most extreme cases.
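How interception shows up in practice, as an added example that is not part of the original article: a classical simulation of a BB84-style exchange with an intercept-and-resend eavesdropper. The article does not name a protocol, so BB84, the function names and the 11% abort threshold are assumptions made for this sketch.

```python
# Added illustration: an eavesdropper on a QKD link raises the error rate
# that sender and receiver measure on their sifted key.
import random


def measure(bit, prep_basis, meas_basis, rng):
    """Same basis returns the encoded bit; a mismatched basis gives a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def bb84_error_rate(n_photons, eavesdrop, seed=1):
    """Return the quantum bit error rate (QBER) on the sifted key."""
    rng = random.Random(seed)
    errors = kept = 0
    for _ in range(n_photons):
        bit, a_basis = rng.randint(0, 1), rng.choice("+x")   # sender prepares
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            e_basis = rng.choice("+x")                       # interceptor guesses
            state_bit = measure(state_bit, state_basis, e_basis, rng)
            state_basis = e_basis        # photon is re-sent in the guessed basis
        b_basis = rng.choice("+x")                           # receiver measures
        b_bit = measure(state_bit, state_basis, b_basis, rng)
        if a_basis == b_basis:           # sifting: keep matching-basis rounds
            kept += 1
            errors += (b_bit != bit)
    return errors / kept


def channel_is_clean(qber, threshold=0.11):
    """Assumed abort rule: discard the key if QBER exceeds the threshold."""
    return qber <= threshold


if __name__ == "__main__":
    for eve in (False, True):
        qber = bb84_error_rate(20000, eavesdrop=eve)
        print(f"eavesdropper={eve} QBER={qber:.3f} keep_key={channel_is_clean(qber)}")
```

With no interceptor the sifted bits always agree; with one, about a quarter of them differ, so the two ends discard the key rather than use it.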
For most enterprises, QKD isn’t yet practical due to high costs and infrastructure demands. But it offers a glimpse of what’s possible. As commercial solutions emerge, QKD could become vital for securing highly sensitive data in sectors like finance, healthcare and defense.
How enterprises can prepare today
The quantum era may seem far off, but its security implications require immediate attention. Here’s how CISOs and tech leaders can begin:
- Audit encryption systems. Identify where your organization uses quantum-vulnerable algorithms like RSA and ECC. Prioritize critical systems and begin planning migrations.
- Track PQC standards. Follow NIST’s evolving standards and evaluate PQC algorithms in testbed environments.
- Protect long-lived data. Secure intellectual property, legal records or other data that must remain confidential for years. Assume the data intercepted today could be decrypted later.
- Watch QKD developments. While not yet broadly deployable, QKD is advancing. Organizations handling high-value or long-lived data may benefit from early pilot projects.
- Collaborate broadly. Join industry consortia or academic partnerships to stay ahead of breakthroughs and bridge talent gaps in quantum expertise.
- Educate stakeholders. Quantum computing is a business risk, not just a technical one. Make sure leadership understands the urgency and opportunity.
- Create a long-term roadmap. Quantum readiness will take years. Develop a plan for upgrades, investments and talent development.
The cost of inaction
Governments and adversaries are already investing heavily in quantum tech. China’s progress in QKD is a stark reminder of the geopolitical stakes. Enterprises that delay preparation risk both catastrophic breaches and falling behind more proactive competitors.
The timeline is uncertain. Some experts predict quantum computers capable of breaking encryption are 10–20 years away; others say it could happen sooner. Waiting until the threat is real will be too late.
Preparing for a quantum future
Quantum computing is a double-edged sword — threatening today’s security models while offering new tools to build stronger ones. Navigating this moment requires vision and proactive planning.
CISOs and tech leaders must act now — investing in PQC, exploring quantum-enhanced tools and educating stakeholders. The question isn’t whether quantum computing will disrupt enterprise security. It’s whether your organization will be ready when it does.
This article is published as part of the Foundry Expert Contributor Network.