How quantum cybersecurity changes the way you protect data
Here's a full guide to the threats quantum computers pose to today's encryption algorithms -- and how to prepare now to become "crypto-agile" enough to stay ahead of bad actors.
Quantum computing is becoming real and will soon be able to solve problems well beyond the capabilities of today's fastest supercomputers. In the wrong hands, however, quantum computers will also create a new level of pain for cybersecurity professionals.
Recent advancements suggest that a cryptographically relevant quantum computer (CRQC) -- one that can break commonly used encryption algorithms -- is getting closer to reality. In February 2025, for example, Microsoft announced its Majorana 1, which it claims is the first quantum processor to use more stable topological quantum bits (qubits), the basic units of quantum information. Microsoft believes its quantum processor can eventually scale to 1 million qubits on a single chip.
Majorana 1 is a long way from meeting its potential, but its announcement should be a warning to organizations that have yet to take post-quantum cryptography (PQC) seriously. Quantum computers will render current encryption algorithms obsolete and help sophisticated adversaries find new ways to compromise critical systems. Preparing for that inevitability starts with adopting PQC algorithms.
Why quantum cybersecurity is important
The biggest quantum computing cybersecurity risk is the ability to quickly crack popular public key cryptography and encryption algorithms such as Rivest-Shamir-Adleman (RSA), Diffie-Hellman and the Advanced Encryption Standard (AES). Nation-states are the only adversaries with the resources to create a quantum system for this purpose, and it's believed they are collecting sensitive encrypted data for when that time comes. This is referred to as "harvest now, decrypt later."
"Our adversaries are consuming everything possible on encrypted networks," said John Prisco, CEO of consultancy Safe Quantum. "We know that once there is a CRQC, every secret message using RSA-2048 or RSA-4096 will be decrypted. Nothing encrypted in this way will remain a secret in the near future."
Decrypting previously stolen data isn't the only threat a CRQC poses. With a CRQC, "all digital communications that we use today leveraging asymmetric cryptography will also be broken," said Ray Harishankar, IBM Fellow and lead for IBM Quantum Safe. "Bad actors can perform fraudulent authentication and masquerade as anyone, and consequently, a number of bad things can happen. It's not as cut and dry as Y2K, when things happen [at a specific time]. It will happen gradually when powerful quantum computers become available, and nation actors have access to them."
Organizations that should be most concerned are financial services, government agencies, academic and research institutions with sensitive intellectual property, and medical services and research. "We shouldn't make it any easier for the Chinese to steal our intellectual property," Prisco said. "Medical science is also at risk. Patient data remains relevant for a human lifetime. We need a lifelong security program to protect personal medical info."
Post-quantum cybersecurity should concern all executive management and not just the CISO. "Anyone who has data that has value over five, seven, 10 years -- patent information, drug discovery information, formulae information -- those have [the] potential for being exfiltrated and causing damage," he said. "People who manage that data, chief data officers, are going to be concerned. It is broader than a CISO problem because it is a CIO problem. It is a chief risk officer problem. It is a CEO problem. It is even a board problem because all they need is damage [from one incident] and your brand reputation is at risk."
How quantum computing is changing encryption
Today's encryption schemes, such as RSA, are "secure" not because they can't be broken but because of the time and processing power needed to break them. "Public key cryptography coupled with RSA encryption could be broken by computers of today, including supercomputers, in about 1,000 years," Prisco said. "A CRQC can do it in an hour or less."
To counter the threat, researchers have developed numerous PQC algorithms. Examples include Rainbow and Supersingular Isogeny Key Encapsulation (SIKE), both of which were approved by NIST but have since been broken.
"That should worry the U.S. quantum strategists who are taking an all-their-eggs-in-one-basket approach. Defense-in-depth is necessary to compete with today's security protection schemes," Prisco said.
Why organizations should prepare for quantum computing threats now
Potential threats from quantum computers have been known since at least 1994, when Peter Shor developed Shor's algorithm for prime factorization, which is considered capable of breaking today's encryption when used with a CRQC. Quantum computers are proliferating, even if none are powerful enough to crack standard encryption algorithms. IBM has deployed 75-plus quantum computers, with more than a dozen utility-scale systems currently online that users can experiment with using the cloud, according to Harishankar.
The key question is: When will a cryptographically relevant quantum computer arrive? That's difficult to answer because much of the research is secretive. It is estimated that a quantum computer would require anywhere from several thousand to tens of millions of qubits to execute Shor's algorithm.
"We started with five qubits in 2016, and now we are at 156-plus qubits," Harishankar said. "We are able to get more and more reliable qubits as well. We have stated that by 2029 or 2030, we will have a fault-tolerant quantum computer with 200 logical qubits." IBM has made public its own quantum development roadmap through 2033.
That might not be enough to have a CRQC, though. Harishankar's best estimate is that it will happen sometime in the mid-2030s. If you think that gives you plenty of time to prepare, think again. "History tells us that changing cryptography at scale doesn't happen in seven to 10 years. It takes more time," he said. "Unless people start thinking and planning today, they cannot complete the work in seven to 10 years."
How organizations can prepare for quantum cybersecurity
The most important way organizations can prepare for PQC is to begin the transition to quantum-secure algorithms and keys. It's a long process that includes the following steps:
Select a PQC algorithm. NIST has three PQC algorithms ready for use and is finalizing the draft standards for two others. Organizations should choose a primary algorithm for general encryption -- such as Federal Information Processing Standard (FIPS) 203 -- and one for digital signatures. NIST has designated some algorithms as backups in case the primary algorithms become vulnerable.
Assess the PQC algorithm's effect on IT infrastructure. A PQC algorithm will have bigger key sizes and produce increasingly fragmented network traffic, which increases performance overhead and implementation complexity.
Adapt network security devices. The additional complexity and performance requirements will place more demands on firewalls and network intrusion detection systems, which will need to handle a higher volume of fragmented traffic due to larger cryptographic keys and ciphertexts.
Review hosting and other cloud-based services and software to ensure they are quantum-ready. Even if you do all you can to make your own network quantum-secure, you probably have processes and data running in the cloud. If they aren't quantum-secure, you're still vulnerable to quantum attacks. Zoom, Apple and Microsoft are among the providers who say their cloud offerings are "quantum-safe."
Take a crypto-agile approach. Crypto-agility enables you to switch to another algorithm without much business disruption if your post-quantum encryption algorithm is compromised. "As we transform and remediate the current software to support post-quantum cryptography, we have to do it with crypto-agility in mind so that you're not caught in this trap of having to do major work in replacing them again and again and again," Harishankar said. "I know it's a little bit of extra work now, but it's going to save you immensely downstream."
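The crypto-agile approach in the last step, sketched as an added example (not code from the article, IBM or NIST): every stored item carries an algorithm label, and a local rollout policy decides which algorithm protects new data and which labels are still trusted when reading. Standard-library MACs stand in for the old and new algorithms, and the names `old-alg`, `new-alg`, `STAGES` and the helper functions are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Stand-ins: stdlib MACs play the role of the "old" and "new" algorithms,
# since ML-KEM/ML-DSA are not in the Python standard library (assumption).
REGISTRY = {
    "old-alg": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "new-alg": lambda key, msg: hmac.new(key, msg, hashlib.sha512).digest(),
}

# Hypothetical rollout stages: which algorithm protects new data, and which
# algorithms are still trusted when reading stored data.
STAGES = {
    "before":     {"protect_with": "old-alg", "accept": {"old-alg"}},
    "transition": {"protect_with": "new-alg", "accept": {"old-alg", "new-alg"}},
    "after":      {"protect_with": "new-alg", "accept": {"new-alg"}},
}

def _tag(alg, key, payload):
    # Bind the algorithm label into the tag so it cannot be swapped afterwards.
    return REGISTRY[alg](key, alg.encode() + b"\x00" + payload)

def seal(stage, key, payload):
    alg = STAGES[stage]["protect_with"]
    return json.dumps({"alg": alg, "payload": payload.hex(),
                       "tag": _tag(alg, key, payload).hex()})

def open_envelope(stage, key, envelope):
    env = json.loads(envelope)
    alg = env["alg"]
    # Local policy decides what is acceptable, never the envelope itself.
    if alg not in STAGES[stage]["accept"]:
        raise ValueError(f"algorithm {alg!r} is not accepted in stage {stage!r}")
    payload = bytes.fromhex(env["payload"])
    if not hmac.compare_digest(_tag(alg, key, payload), bytes.fromhex(env["tag"])):
        raise ValueError("integrity check failed")
    return payload

def migrate(key, envelope):
    """Re-protect a stored envelope while both algorithms are accepted."""
    return seal("transition", key, open_envelope("transition", key, envelope))

def inventory(envelopes):
    """Count stored envelopes per algorithm to track migration progress."""
    counts = {}
    for e in envelopes:
        alg = json.loads(e)["alg"]
        counts[alg] = counts.get(alg, 0) + 1
    return counts
```

Replacing an algorithm then means adding one registry entry and moving the stage forward; callers of `seal` and `open_envelope` do not change, and `inventory` shows when it is safe to stop accepting the old label.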
What is the future of quantum cybersecurity?
The post-quantum cybersecurity world will certainly be more complex, but one thing will remain constant: the cat-and-mouse game between cyber adversaries and defenders.
"I see quantum-resistant algorithms as failing over time," Prisco said. "No one knows if the Chinese already have broken the CRYSTALS lattice algorithms of NIST. Let's have a defense-in-depth approach that uses quantum science in addition to mathematical algorithms. It would be astounding if the NIST program provided security for 50 years like the Turing Laureates, Whit[field] Diffie and Mart[in] Hellman, did. I don't think that is a good bet."
Michael Nadeau is an award-winning journalist and editor who covers IT and energy tech. He also writes the PowerTown blog on Substack for stakeholders in local renewable energy initiatives. Follow him on Bluesky at @mnadeau.bsky.social.