
11 August, 2025
Cybersecurity has emerged as a key driver of business resilience for the modern firm. It influences different aspects of business including revenue generation, regulatory compliance, customer trust and shareholder value. With continued focus on digital transformation, cybersecurity, and in particular data security, will remain at the center of risk management approaches.
The current cybersecurity threat landscape is more active than ever. Global businesses faced a record-high attack volume in 2024 with the global average cost of a data breach reaching US$4.88 million (according to IBM). According to a report by GuidePoint Security, there were around 70 active ransomware gangs in the first quarter of 2025.
The rapid growth of cloud, API-first apps, IoT and OT-IT convergence has added millions of vulnerable endpoints. In fact, according to IBM, shadow data drove 1 in 3 breaches in 2024. On top of this, generative AI is expected to lower the threshold for phishing, deep-fake video calls and synthetic voice fraud. Firms also face security challenges from a potential breach at one of their myriad suppliers spread across multi-tenant cloud, software as a service and managed services.
As if this were not enough, businesses today face another challenge emanating from the promise of quantum computing, which hopes to bring unprecedented processing power and pose new threats to the current technology infrastructure. This article explores the transformative implications of quantum computing on cybersecurity and outlines approaches that leaders can follow to protect their sensitive data.
The idea of quantum computing was first proposed by Richard Feynman, who suggested simulating quantum physics with quantum systems. When Peter Shor published his factoring algorithm in the 90s, the potential of quantum computing became even clearer.
Since then we have witnessed tremendous progress on multiple fronts. Firms like IBM, Microsoft, Google, D-Wave, Quantinuum have led the field in building new and innovative quantum systems. Despite all the promise and noise, we are still some years away from development of fully functioning quantum computers.
Quantum computing leverages principles of quantum mechanics such as superposition, entanglement and quantum interference to perform computations much faster than classical computers.
The fundamental computational unit of a classical computer is a bit which can be represented in either of the two states (0,1). On the other hand, a quantum computer uses qubits, which can exist in multiple states simultaneously. This enables an exponential increase in the processing power.
Let’s consider a practical example to better understand the approaches used by classical and quantum computing. If we present the task of finding a page in a massive, unsorted phone book to both computers, a classical computer will systematically flip pages one by one until the entry matching the search criteria appears. On the other hand, a quantum computer will open every page and settle on the correct solution from there.
Due to these computational capabilities, quantum computers have the ability to revolutionize the approach towards drug discovery, materials science and cybersecurity (more on that later). They can also be leveraged to solve optimization problems and bring about a step change in artificial intelligence.
The massive computational power of quantum computers has led to the emergence of what is considered the ‘Quantum Threat’. Currently, most of the world’s sensitive data in areas like online banking, VPNs and software-update signatures relies on encryption techniques like Rivest, Shamir, and Adleman (RSA) and Elliptic Curve Cryptography (ECC).
It is presumed that a universal quantum computer running Shor’s algorithm would be able to break them in a matter of hours or minutes. A classical computer, on the other hand, would take billions of years to do the same task.
This poses massive potential challenges, the most significant of them being Harvest Now, Decrypt Later (HNDL). This is a strategy in which adversaries copy or eavesdrop on today’s encrypted data and hold on to it until fault-tolerant quantum computers are ready, at which point decryption becomes easy.
This threat is particularly relevant for sectors which have data with long shelf-life including health (personal info), government (state secrets), financial services (transactions & personally identifiable information) and telecommunications (secure online communications). More broadly, long life intellectual property data across sectors would also face the HNDL threat.
The looming threats have led to the emergence of quantum cybersecurity which focuses on building solutions that enable better responses to the challenges on the horizon.
Quantum cybersecurity is the umbrella term for technologies and practices that:
Post-Quantum Cryptography (PQC) refers to classical (non-quantum) algorithms designed to withstand both classical and quantum attacks. They are built on mathematical problems, as in lattice-based, multivariate, or hash-based cryptographic schemes, which are believed to be difficult even for quantum computers to solve.
A key advantage of PQC solutions is that they can be used in conjunction with existing systems. This matters because it means their widespread adoption is not expected to cause significant disruption. The US-based National Institute of Standards and Technology (NIST) has been working on identifying and standardizing PQC algorithms since 2016.
In July 2022, NIST announced the first four quantum-resistant cryptographic algorithms. Subsequently, it published three final Federal Information Processing Standards (FIPS) in August 2024. A fourth is currently in development. In March 2025, NIST announced that it had identified another algorithm, known as HQC, which will serve as a backup for ML-KEM.
| Standard | Algorithm | Type | Status |
|---|---|---|---|
| FIPS 203 | CRYSTALS-Kyber | Module Lattice-Based Key Encapsulation Mechanism (ML-KEM) | Finalized |
| FIPS 204 | CRYSTALS-Dilithium | Module Lattice-Based Digital Signature Algorithm | Finalized |
| FIPS 205 | SPHINCS+ | Stateless Hash-Based Digital Signature Algorithm | Finalized |
| FIPS 206 | FALCON | FFT over NTRU Lattice-Based Digital Signature Algorithm | In development |
| — | HQC | Code-Based Key Encapsulation Mechanism (KEM) | Backup (for ML-KEM) |
Many countries have already mandated initial steps towards adoption of PQC more broadly. The US government’s National Security Memorandum-10 mandates a federal systems inventory by 2023 with a full migration by 2035. The European Commission too has urged its member states to publish a co-ordinated adoption roadmap by 2026.
Quantum Key Distribution (QKD) is a technique that uses single photons (or entangled photon pairs) to generate symmetric encryption keys. Any eavesdropping changes the quantum state and can be detected immediately.
Two of the most well known protocols for encoding and transmitting quantum information are:
QKD typically requires specialized hardware including sources and detectors for photons, quantum channels, and random number generators. The process does face limitations in terms of range, cost and integration with existing systems.
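The detection property described above can be seen in a simulation of BB84, a widely taught QKD protocol that this article does not itself name. The Python below is an added example, not part of the original article; it assumes an ideal channel (no loss or noise), an intercept-and-resend eavesdropper, and an abort threshold of 11%, all of which are illustrative assumptions.

```python
import random

QBER_ABORT_THRESHOLD = 0.11  # assumed abort level; a commonly cited BB84 bound

def measure(bit, prepared_basis, measured_basis, rng):
    """Matching basis reads the encoded bit; a mismatched basis reads a coin flip."""
    return bit if prepared_basis == measured_basis else rng.getrandbits(1)

def bb84_qber(n_photons, eavesdropper, seed=2025):
    """Return the quantum bit error rate (QBER) of the sifted key."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        alice_bit, alice_basis = rng.getrandbits(1), rng.getrandbits(1)
        bit, basis = alice_bit, alice_basis          # state of the photon in flight
        if eavesdropper:
            # Intercept-and-resend: measuring forces a basis choice, and the
            # photon that continues to Bob carries that choice, not Alice's.
            eve_basis = rng.getrandbits(1)
            bit, basis = measure(bit, basis, eve_basis, rng), eve_basis
        bob_basis = rng.getrandbits(1)
        bob_bit = measure(bit, basis, bob_basis, rng)
        if bob_basis == alice_basis:                 # sifting keeps matching bases
            sifted += 1
            errors += bob_bit != alice_bit
    return errors / sifted

def channel_compromised(qber, threshold=QBER_ABORT_THRESHOLD):
    """Alice and Bob compare a sample of sifted bits and abort above the threshold."""
    return qber > threshold

if __name__ == "__main__":
    for eve in (False, True):
        q = bb84_qber(20000, eve)
        print(f"eavesdropper={eve}  QBER={q:.3f}  abort={channel_compromised(q)}")
```

On the clean channel the sifted key has no errors, while the eavesdropper pushes the error rate to about 25%, which is what lets the two endpoints discard the key before it is ever used.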
Quantum Random Number Generators (QRNGs) measure specific quantum phenomena (vacuum fluctuations, photon arrival, radioactive decay) to produce unpredictable bits. QRNGs can be broadly categorized into three different types:
| Technology | Function | Example Use | Considerations |
|---|---|---|---|
| Post-Quantum Cryptography (PQC) | Quantum-resilient software algorithms | Secure email, VPNs, digital signatures | Compatible with existing infrastructure |
| Quantum Key Distribution (QKD) | Quantum physics-based secure key exchange | Ultra-secure data center connections | High cost, range-limited, hardware-intensive |
| Quantum Random Number Generators (QRNG) | Quantum-based entropy source | Secure cryptographic key generation | Hardware integration and cloud delivery models |
A simpler way to look at these technologies is to consider PQC as the quantum-resilient software foundation, with QRNG as the hardware entropy source inside chips and clouds. QKD can be imagined as the quantum physics-led overlay for specific use cases where even the security provided by PQC is deemed insufficient.
Quantum cybersecurity is expected to see significant growth in the coming years. Adoption is being driven by regulatory pressure (especially in federal systems), demand from financial services and telecom firms, and interest from emerging tech ecosystems such as sovereign clouds, zero trust architectures and AI security.
| Year | Market Size (US$ Billion) | Key Drivers |
|---|---|---|
| 2023 | $0.6B | Early adoption of QRNG, QKD pilots in APAC and EU |
| 2024 | $0.9B | NIST FIPS for PQC, national strategy updates |
| 2025 | $1.3B | Commercial launches of quantum-safe VPNs and browsers |
| 2028 | $3.6B | Post-quantum upgrades in BFSI, telco, defense |
| 2032 | $9.5B | Mass adoption across sectors, supply-chain mandates |
Governments across the globe are playing an important role in driving this adoption. China, EU, India, South Korea, US and others have announced significant budgets for national quantum initiatives—many of which include cyber readiness and secure quantum communication infrastructure. Similarly, enterprises across telecom, BFSI, government and critical infrastructure are expected to lead commercial deployments.
Quantum cybersecurity is already being deployed in multiple sectors to test future-readiness and secure critical data streams. Below are selected examples.
| Sector | Use Case | Details |
|---|---|---|
| Telecom | QKD-secured metro fiber | China Mobile and SK Telecom have deployed QKD between core network nodes |
| Banking | Quantum-safe transaction signing | JPMorgan Chase and Toshiba partnered to trial quantum-resistant blockchain signatures |
| Government | Satellite-based quantum communication | China launched the Micius satellite to demonstrate global-scale QKD |
| Cloud | QRNG-as-a-Service | Cloudflare and AWS introduced QRNG entropy injection for better key generation |
| Critical Infrastructure | Quantum-safe VPNs | Thales and Post-Quantum launched VPNs with integrated PQC standards |
These early deployments are expected to provide valuable lessons for wider implementation. They also demonstrate that quantum cybersecurity is not theoretical—it is already being operationalized by leading players across the value chain.
Businesses should not wait until powerful quantum computers are commercially available. Given the long planning and upgrade cycles in large organizations, preparation must begin today. Below is a roadmap firms can follow.
| Stage | Actions | Outcome |
|---|---|---|
| 1. Risk Assessment | Inventory cryptographic assets, assess data lifespans and HNDL risk | Prioritized risk profile |
| 2. Awareness & Governance | Appoint quantum risk officer, update governance for crypto agility | Leadership alignment |
| 3. Pilot & Testing | Trial PQC, test hybrid crypto, run simulations, sandbox QKD/QRNG | Technology familiarity |
| 4. Migration Planning | Identify PQC-ready vendors, plan system upgrades, develop training | Transition blueprint |
| 5. Full Implementation | Replace vulnerable crypto, adopt QRNG/QKD where needed | Quantum-resilient posture |
The biggest risk with quantum security is inaction. Transitioning to post-quantum cryptography or testing quantum-secure channels can take years. Organizations that start today will be far better positioned to protect long-term data confidentiality, reduce exposure and maintain compliance in the years ahead.
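Stage 1 of the roadmap (inventory cryptographic assets, assess data lifespans and HNDL risk) can be quantified with the rule often called Mosca's inequality: an asset is exposed when data shelf life plus migration time exceeds the time until a capable quantum computer exists. The Python below is an added example, not part of the original article; the inventory, asset names, field names and horizon value are constructed assumptions.

```python
from dataclasses import dataclass

SHOR_VULNERABLE = {"RSA", "DH", "ECDH", "ECDSA"}
QUANTUM_RESISTANT = {"ML-KEM", "ML-DSA", "SLH-DSA"}  # FIPS 203 / 204 / 205

@dataclass(frozen=True)
class Asset:
    name: str
    algorithm: str          # public-key algorithm protecting the asset
    purpose: str            # "confidentiality" or "signature"
    shelf_life_years: int   # how long the protected data must stay secret
    migration_years: int    # estimated time to replace the algorithm

def overshoot(asset, horizon_years):
    """Years past the assumed horizon; None if the algorithm is not Shor-vulnerable."""
    if asset.algorithm not in SHOR_VULNERABLE:
        return None
    # Recorded ciphertext stays exposed for its whole shelf life (HNDL).
    # Simplification: a signature only has to be replaced before the horizon.
    shelf = asset.shelf_life_years if asset.purpose == "confidentiality" else 0
    return shelf + asset.migration_years - horizon_years

def prioritize(assets, horizon_years):
    """Return (at-risk assets ranked by overshoot, assets needing manual review)."""
    at_risk, review = [], []
    for asset in assets:
        if asset.algorithm not in SHOR_VULNERABLE | QUANTUM_RESISTANT:
            review.append(asset.name)   # unknown algorithm: never assume it is safe
            continue
        gap = overshoot(asset, horizon_years)
        if gap is not None and gap > 0:
            at_risk.append((asset.name, gap))
    at_risk.sort(key=lambda item: item[1], reverse=True)
    return at_risk, review

# Constructed inventory for illustration only.
INVENTORY = [
    Asset("patient-records-vpn", "ECDH", "confidentiality", 25, 4),
    Asset("payments-api-tls", "RSA", "confidentiality", 7, 3),
    Asset("firmware-signing", "ECDSA", "signature", 0, 5),
    Asset("pilot-gateway", "ML-KEM", "confidentiality", 25, 0),
    Asset("legacy-mainframe-link", "proprietary-kex", "confidentiality", 10, 6),
]
ASSUMED_HORIZON_YEARS = 12  # assumption: years until a capable quantum computer

if __name__ == "__main__":
    print(prioritize(INVENTORY, ASSUMED_HORIZON_YEARS))
```

Re-running `prioritize` with a shorter horizon shows how quickly the at-risk list grows, which is the sensitivity a risk profile should record alongside the ranking.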
Quantum computing is no longer a far-off concept. While commercial quantum computers are still evolving, the risks they pose to data security are very real today—particularly through harvest-now-decrypt-later attacks. This calls for urgent and proactive investment in quantum-resilient cybersecurity strategies.
Post-Quantum Cryptography, Quantum Key Distribution, and Quantum Random Number Generators form the core technology set that organizations can use to protect themselves. Governments and businesses worldwide are already piloting and adopting these innovations.
The time to act is now. From conducting crypto inventories and testing PQC to trialing QKD-secured networks and QRNG entropy sources, there are clear steps firms can take. Those who act early will gain a competitive edge—not only by securing long-lived data, but by signaling resilience and trust to customers and regulators alike.
IBM Cost of a Data Breach Report 2024
