Quantum computing is on the horizon, and with it comes a seismic shift in cybersecurity. A new report by Forrester Research, titled “Quantum Security Isn’t Hype — Every Security Leader Needs It,” warns organizations to start preparing now, even though quantum computers capable of breaking traditional cryptographic systems are still five to ten years away.
The Urgency of Quantum Security
While the encryption market has often been flooded with exaggerated claims like “unbreakable encryption,” the hype around quantum security is real. Cybercriminals and nation-states are already employing a strategy known as “harvest now, decrypt later.” This means they are collecting encrypted data today with the intent of decrypting it once quantum computing advances sufficiently.
Sandy Carielli, an analyst at Forrester Research, explains that transitioning to quantum-safe cryptography will take years, as organizations rely on third-party vendors to upgrade their security infrastructures. “There are a lot of steps along the way,” she notes, emphasizing why businesses must act now rather than wait until the threat is imminent.
The Looming Threat: Harvest Now, Decrypt Later
Jamie Boote, a security consultant at Black Duck Software, stresses that quantum computing will disrupt the decades-old approach to encryption. As computing power increases unpredictably, traditional encryption algorithms will become obsolete, leaving sensitive data vulnerable.
To illustrate the urgency, Boote references an old adage: “The best time to plant a shade tree was 20 years ago. The second-best time is today.” The same principle applies to quantum security—organizations must lay the groundwork now to ensure their data remains protected in the future.
Industries with long-term data security needs, such as finance, healthcare, and government, face the highest risk. Rebecca Krauthamer, CEO of QuSecure, explains that information like national security data and banking records remains valuable for years. When quantum computers become capable, previously secure encrypted data could be decrypted in an instant.
Preparing for Q-Day: A Necessary Exercise
Even if quantum computing takes longer to reach its full potential, preparing for Q-Day—the moment quantum computers can break today’s encryption—offers immense benefits. Richard Stiennon, founder of IT-Harvest, suggests that organizations should use this opportunity to audit their encrypted data. Identifying encryption dependencies, key ownership, and potential vulnerabilities will strengthen overall cybersecurity.
Heather West, a senior analyst at IDC, reinforces this idea, stating that many organizations lack a clear understanding of their cryptographic protections. Some rely on patchwork solutions, while others are unsure what encryption methods they currently use. Understanding and updating encryption strategies will be crucial for mitigating post-quantum threats.
The Role of Crypto-Agility in Quantum Security
Experts agree that crypto-agility—the ability to replace and upgrade cryptographic algorithms swiftly—is the key to staying ahead of quantum threats. Tim Callan, Chief Compliance Officer at Sectigo, highlights that algorithmic trust is imperfect, making flexibility essential. Organizations must adopt modular security systems that allow for seamless algorithm replacements.
Matt Mittelsteadt of the Cato Institute echoes this sentiment, advocating for security designs that function like “security Legos”—modular and interchangeable. This approach ensures that if an encryption algorithm becomes vulnerable, it can be replaced without overhauling an entire security infrastructure.
The Trillion-Dollar Risk of Inaction
Stefan Leichenauer, VP of Engineering at SandboxAQ, warns that quantum computing could break traditional cryptographic systems in as little as five years. Even if the probability of this happening within a decade is only 10%, the potential losses—amounting to trillions of dollars—make the risk too great to ignore.
With advancements in quantum computing accelerating, businesses must act now. Conducting cryptographic inventories and implementing crypto-agile solutions will ensure that organizations remain secure in the post-quantum era.
Final Thoughts: Start Preparing Now
Quantum security is not a distant concern—it’s a present-day priority. Organizations must begin transitioning to quantum-resistant cryptography, assess vulnerabilities, and implement crypto-agility to future-proof their data.
The time to act is now. Delaying preparation could leave businesses scrambling when Q-Day arrives, putting sensitive data and financial stability at risk. Don’t wait—start securing your digital future today.