Quantum computing is coming, and with it, a threat that up until recently has been largely hypothetical. But cybercriminals aren’t waiting for quantum computers to arrive. They’re operating under a “harvest now, decrypt later” mindset that immediately poses a risk to your data. Before we delve into the risks, the ways in which to mitigate those risks, and the importance of developing a proactive strategy now, it makes sense to become familiar with quantum computing and why it can be such an enormous threat to your organization.
What Is Quantum Technology?
If you’re familiar with the thought experiment, Schrödinger’s cat – and the idea that a cat, when enclosed in a box with a radioactive atom and a vial of poison, can be simultaneously dead and alive – then you may better understand the basic concept of quantum computing.
Classical computers use bits – either 0 or 1 – to represent information. Every calculation, app, or website is built using combinations of these bits. Think of classical computers functioning as a rapid light switch, flipping bits on (1) or off (0) continually. Everything you do on a classical computer, from playing videos to sending emails to updating spreadsheets, is made up of those bits.
The Powre of Qubits and Quantum AI
Quantum computers, conversely, use qubits, which are quantum bits that can be both 0 and 1 at the same time, thanks to a quantum property called superposition. As well, Qubits can be mysteriously linked together, so that what happens to one instantly affects the other by means of a quantum property called entanglement. And with the quantum property of interference, quantum states can amplify correct results and cancel out incorrect results during computations.
Right now, quantum computers are in the early stages of development. They’re not powerful enough yet to break modern encryption. Once perfected, however, quantum computers will be able to check millions of possibilities at once, instead of checking one solution at a time as classical computers do. These make quantum computers potentially exponentially faster than conventional computers.
This is why quantum computing is so powerful. And also why it is so dangerous.
Who’s Using Quantum Computing Today?
While quantum computers are still in their infancy, big players are getting ready for their eventuality:
- Governments (U.S., China, EU, etc.) are investing billions in quantum computing.
- Tech giants, such as Google, IBM, Microsoft, Amazon, and Intel, are building rudimentary quantum machines.
- Startups like Rigetti, IonQ, and PsiQuantum have all entered the race to build a quantum computer.
These companies and countries are preparing for a future where quantum computing solves problems we can’t today, such as rapid drug discovery. But there’s a darker side to quantum computing.
Why Quantum Technology Is a Cybersecurity Threat
Much of today’s online security relies on mathematical calculations that take standard computers virtually forever to solve.
For example:
- An RSA encryption algorithm (used in HTTPS, email, digital signatures, etc.) is based on factoring large numbers, something that would take traditional computers millions of years to crack.
- Elliptic curve cryptography (ECC) is also widely used in secure communications and blockchain technology and is reliably difficult to break using today’s computers.
But quantum algorithms, such as Shor’s algorithm, can rapidly decrypt files in hours, if not minutes, effectively erasing any security in place.
Harvest Now, Decrypt Later
Even though large-scale quantum computers don’t exist as of 2025, the “harvest now, decrypt later” threat is very real. Cybercriminals are already intercepting and storing encrypted data and are simply holding onto it for the day when quantum computers and quantum AI become powerful enough to be used for harmful reasons.
This dangerous reality is especially noteworthy when considering the volumes of government and military data, financial transactions, healthcare records, and blockchain systems (like the ones that protect cryptocurrency wallets) that are at risk. A sufficiently powerful quantum computer could break these encryption methods in short order.
Why We Need to Act Now
The necessary security upgrades are extensive and time-intensive, conceivably taking years for organizations – government, banks, schools, power grids, and healthcare systems in particular – to complete. If we wait until quantum computers are widespread, it will be too late to protect the data we’ve already shared or stored.
That’s why organizations and governments around the world are already working to create quantum-proof encryption algorithms (referred to as post-quantum cryptography). They are also replacing old systems now, before the threat becomes tangible. The Canadian government has started driving the shift to post-quantum cryptography, and many tech companies are embedding post-quantum tools into their systems.
What Is Post-Quantum Cryptography?
Quantum security is about creating encryptions that even a quantum computer can’t crack. There are two main strategies:
Post-quantum cryptography (PQC) refers to new mathematical algorithms that run on classical computers but are designed to resist quantum attacks.
Quantum key distribution (QKD) uses quantum physics (not solely mathematics) to exchange encryption keys. QKD is unbreakable in theory because any attempt to intercept the key changes the encryption; hence, the tampering is detectable.
What Should Your Organization Be Doing Right Now to Prepare for a Quantum AI Future?
Whether your business is in government, finance, healthcare, education, tech, or infrastructure, these measures must be implemented:
Take Inventory of What’s at Risk in Your Organization
Identify systems, applications, and data that rely on public key encryption (like RSA or ECC). Document which data must be protected long-term (e.g., health records, intellectual property, classified info). Encrypted data stolen today may be decrypted in the future. Knowing in advance what’s most vulnerable helps prioritize.
Start Planning for Post-Quantum Cryptography
Post-quantum algorithms are being standardized by NIST, with finalization expected this year. Organizations should test and prepare to adopt these algorithms, as they’re designed to work on today’s infrastructure but resist tomorrow’s quantum attacks.
Talk to Vendors and Partners about Quantum Readiness
Ask your software providers, cloud vendors, and technology partners about their plans for quantum readiness. Microsoft, AWS, Cloudflare, and Google are already rolling out post-quantum features in their products.
Train Relevant Teams and Build Awareness in Quantum Computers and Quantum AI
IT, security, and executive teams need to understand why quantum readiness matters sooner rather than later. Include quantum readiness in risk assessments, compliance reviews, and conversations with stakeholders.
Future-Proof New Systems Against Quantum Risks
Any new project involving encryption (new apps, devices, APIs) should be quantum-ready or easily upgradable. Don’t design systems today that will be vulnerable tomorrow.
Act Now
If your data is designated confidential for the next 5, 10, or 20 years, that data is already at risk, and fully upgrading cryptographic infrastructure can take 5–10 years for large organizations. Beware: Cybercriminals aren’t waiting in anticipation. They are already stockpiling encrypted data in anticipation of a future of quantum computers.
What Does a Quantum-Secure Future Look Like?
New algorithms that withstand both conventional and quantum attacks will offer organizations stronger, smarter security. Organizations should focus on:
- Hybrid systems that provide defense-in-depth against emerging threats.
- Upgradable cryptography that allows encryption methods to be exchanged while maintaining security integrity.
- Industry-wide collaboration in which there are shared standards, open-source cryptographic libraries, and government guidance and support.
Target timeline:
The Canadian Centre for Cyber Security has provided the following guidance for the adoption of post-quantum cryptography. They explain:
Every organization managing information technology (IT) systems must migrate cyber security components to become quantum-safe. This will help protect against the cryptographic threat of a future quantum computer. The Cyber Centre recommends the adoption of standardized post-quantum cryptography (PQC) to mitigate this threat.
The Cyber Centre has set the following milestones and deliverables for federal agencies, but private organizations, given their potentially unique personal and professional risks, may want to consider hastening their efforts:
- April 2026: Develop an initial departmental PQC migration plan
- Beginning April 2026 and annually after: Report on PQC migration progress
- End of 2031: Completion of PQC migration of high priority systems
- End of 2035: Completion of PQC migration of remaining systems
As quantum computing becomes mainstream, your organization should consider adopting a quantum security strategy.