Quantum Computing: Preparing for a Post-Quantum World in the Cybersecurity Domain By: Munish Gupta, President and Global Head - Cybersecurity, Inspira Enterprise

Microsoft’s announcement of 2025 as the year to become quantum-ready is certainly encouraging organizations to become well-prepared for a quantum future.  Quantum Computing, which focuses on the development of computers on the principles of quantum theory and solves problems that cannot be cracked by classical computing, is a giant leap in computing capability.  Unlike classical computers, quantum computing leverages quantum bits or qubits and has the potential to revolutionize several industrial sectors such as healthcare, cryptography, pharmaceutical, cybersecurity, manufacturing, financial services, and more. Governments and businesses across the globe are committing billions of dollars to this new technology.

Updated McKinsey analysis for the third annual Technology Monitor predicts sectors such as chemicals, life sciences, finance, and mobility which are likely to see the earliest impact from quantum computing could gain up to USD 2 trillion by 2035.  Several industry leaders are expecting fault-tolerant quantum computers to be ready by 2030.

Advantages of Quantum Computing

Quantum computing offers transformative advantages by solving complex problems beyond the reach of classical systems.  Recently Google announced that quantum computers could solve a problem or perform a mathematical calculation in 5 minutes that cannot be completed by the world’s most powerful supercomputers in 10 septillion years (longer than the universe has been around).  This technology has the potential to offer higher levels of sustainability across agriculture, energy, and other sectors. It can contribute to a more sustainable future by lowering energy consumption and optimizing resource usage, as well as enabling operational efficiency. With the capability to process humungous amounts of data sets and perform real-time computations, quantum computing can accelerate innovation and improve decision-making.

Quantum Computing Threats to Cybersecurity

Although the quantum computing industry is set to make immense progress, studies reveal businesses are skeptical about the technology as it has the potential to challenge data protection and cybersecurity.  Organizations are perturbed over quantum computing’s capability to decrypt and disrupt today’s conventional cybersecurity protocols and widely used cryptographic methods, making digital communications vulnerable.  Cryptographically relevant quantum computers (CRQCs) have the potential to decrypt today’s encryption standards putting sensitive data with long-term value at risk.   CRQCs can disrupt critical systems across healthcare and other industries if quantum-safe measures are not implemented in time.  Furthermore, encrypted data intercepted today could be decrypted in the future by leveraging quantum computing, known as the ‘harvest now, decrypt later’ strategy, and has the potential to become a cybersecurity threat.

Post-Quantum Readiness

With McKinsey estimating that 5,000 quantum computers will be operational by 2030, post-quantum readiness is a top priority for organizations as a key part of their cybersecurity strategy. The drive to adopt post-quantum cryptography (PQC) will enable organizations to avoid threats from cybercriminals and risks associated with quantum computing.  PQC includes building cryptographic protocols that can resist potential attacks from quantum computers.  The development of post-quantum encryption standards such as Lattice-based Cryptography, Hash-based Cryptography, Code-based Cryptography, and Quantum-safe network design are key.   Security teams should focus on post-quantum preparedness which is a multi-year effort. 

•        Take inventory and understand risk exposure

It is crucial to identify and classify various types of data stored in the organization.  Focus on cryptographic assets and algorithms and where they reside.  Assets with long-term sensitivity and regulatory requirements should be prioritized.  Organizations should also have a good understanding of the potential exposure to risks, cryptography standards embedded into systems, and how data is safeguarded.  This knowledge can help in establishing the need and urgency of PQC and the relevant roadmap.  Additionally, PQC migration efforts should consider both technical as well as business impact points of view.

•        Establish a transition strategy

After establishing data inventory and potential exposure, it is time to develop a mitigation strategy team and allocate roles to respective team members.  Prioritize the migration of the most valuable data with the longest shelf-life to post-quantum cryptography.  Build a roadmap to leverage quantum-safe algorithms.

•        Collaborate with trusted providers

It is crucial to collaborate and work with trusted solution providers and cybersecurity experts experienced in quantum-safe technologies.  The IT vendors of organizations should have a deep knowledge of post-quantum implementation.

•        Monitor technological developments

Staying well-informed about developments in quantum computing and PQC is important as it will support security teams to anticipate and mitigate potential risks.

•        Educate all stakeholders

All relevant teams and key stakeholders should be educated on the progress in quantum computing and associated security risks.  They should also be trained in the adoption of new cryptographic standards.

Definitely post Quantum era is going to be big shift for the IT ecosystem of organisations and requires heavy lifting, they should definitely start looking into existing architecture and identify ways to re-architect to minimize the impact and to have Architecture of future to support business.

Governments and organizations have to invest in quantum research and developing a quantum-ready workforce, while establishing a quantum-resilient infrastructure to be well-prepared for a post-quantum world.