Quantum Computing Risks Explained for Professionals

The biggest threat to your data isn’t happening tomorrow. It happened yesterday. If you haven’t heard of HNDL (Harvest Now, Decrypt Later), your long-term data strategy has a massive blind spot. Here is the reality: State actors and cybercriminals are capturing your encrypted data today. They can’t read it yet, so they’re storing it in massive data vaults, waiting for the "Qday"—the moment quantum computers become powerful enough to break current encryption. If your data needs to stay private for 5, 10, or 20 years, it’s already at risk. What’s on the line? ↳ Intellectual Property (IP) and trade secrets. ↳ Government and identity data. ↳ Long-term financial records and contracts. ↳ Sensitive customer health data. How do we solve it? 🛠️ We cannot wait for quantum supremacy to react. The fix starts now: ↳ Inventory: Identify which data has a long shelf-life. ↳ Crypto-Agility: Move toward systems that can swap encryption methods without a total overhaul. ↳ Hybrid PQC: Implement Post-Quantum Cryptography alongside classical methods to ensure traffic captured today remains a mystery tomorrow. The transition to quantum-resistant security is a marathon, not a sprint. Are you tracking HNDL on your current risk register? Let’s discuss in the comments. 👇 P.S. If you want help mapping your exposure or building a PQC migration plan, drop me a message. ♻️ Share this post if it speaks to you, and follow me for more. #QuantumSecurity #PQC

🧠 Quantum computing: What business leaders need to do right now Right now, criminal and state-sponsored hackers are intercepting and storing encrypted data they cannot yet decode. Likely targets include everything from corporate secrets and medical records to legal agreements and military communications. Why would these actors bother to steal data they can’t read? Because they are betting on developments in quantum computing that will eventually let them crack this encrypted data wide open. This isn’t a fringe theory. The NSA (National Security Agency), NIST (National Institute of Standards and Technology), and ENISA (European Agency for Cybersecurity) are all treating this “harvest now, decrypt later” scenario as a live threat that is serious enough to demand immediate action. The NSA has mandated that all U.S. national security systems must transition to quantum-resistant cryptography by 2035—with new acquisitions required to be compliant by 2027. In Europe, ENISA issued updated guidance in April 2025 warning that the threat is “sufficient to warrant caution, and to warrant mitigating actions to be taken,” and recommending that organizations begin deploying post-quantum cryptography immediately. NIST has launched a parallel global effort to develop the new cryptographic standards on which these transitions will depend. The message from all three bodies is the same: Organizations run a grave risk if they wait to begin upgrades until quantum computers can break current encryption standards. That is the reason business leaders need to pay attention to quantum computing now — not because the technology is ready, but because the risk is grave, and the cost of preparation is trivial compared with the cost of being caught flat-footed. 🔗 Find out how in our new Fast Company article here: https://lnkd.in/g54y88UE.

Three weeks ago, our Devsinc security architect, walked into my office with a chilling demonstration. Using quantum simulation software, she showed how RSA-2048 encryption – the same standard protecting billions of transactions daily – could theoretically be cracked in just 24 hours by a sufficiently powerful quantum computer. What took her classical computer billions of years to attempt, quantum algorithms could solve before tomorrow's sunrise. That moment crystallized a truth I've been grappling with: we're not just approaching a technological evolution; we're racing toward a cryptographic apocalypse. The quantum computing market tells a story of inevitable disruption, surging from $1.44 billion in 2025 to an expected $16.22 billion by 2034 – a staggering 30.88% CAGR that signals more than market enthusiasm. Research shows a 17-34% probability that cryptographically relevant quantum computers will exist by 2034, climbing to 79% by 2044. But here's what keeps me awake at night: adversaries are already employing "harvest now, decrypt later" strategies, collecting our encrypted data today to unlock tomorrow. For my fellow CTOs and CIOs: the U.S. National Security Memorandum 10 mandates full migration to post-quantum cryptography by 2035, with some agencies required to transition by 2030. This isn't optional. Ninety-five percent of cybersecurity experts rate quantum's threat to current systems as "very high," yet only 25% of organizations are actively addressing this in their risk management strategies. To the brilliant minds entering our industry: this represents the greatest cybersecurity challenge and opportunity of our generation. While quantum computing promises revolutionary advances in drug discovery, optimization, and AI, it simultaneously threatens the cryptographic foundation of our digital world. The demand for quantum-safe solutions will create entirely new career paths and industries. What moves me most is the democratizing potential of this challenge. Whether you're building solutions in Silicon Valley or Lahore, the quantum threat affects us all equally – and so does the opportunity to solve it. Post-quantum cryptography isn't just about surviving disruption; it's about architecting the secure digital infrastructure that will power humanity's next chapter. The countdown has begun. The question isn't whether quantum will break our current security – it's whether we'll be ready when it does.

Quantum Threat Accelerates: Encryption May Be Breakable with Far Fewer Qubits New research suggests that the timeline for quantum computers to break widely used encryption methods may be much shorter than previously believed. A recent study indicates that elliptic-curve cryptography, a cornerstone of modern digital security, could potentially be cracked with around 10,000 qubits, a dramatic reduction from earlier estimates of 20 million. This shift is driven by advances in quantum error correction and system architecture. Researchers have demonstrated that non-local communication between qubits can significantly improve fault tolerance, allowing smaller quantum systems to perform complex calculations more reliably. This means that the barrier to executing powerful quantum algorithms, such as those capable of breaking encryption, may be far lower than assumed. The implications are profound for global cybersecurity. Elliptic-curve cryptography underpins everything from secure communications and financial transactions to government and military systems. If quantum machines reach the revised threshold, many of today’s encryption standards could become vulnerable far sooner than anticipated. While current quantum computers remain below this capability, progress in the field is accelerating. The combination of improved qubit quality, scaling efforts, and enhanced error correction suggests that the gap between theory and practical application is narrowing. This creates urgency for organizations to transition toward quantum-resistant cryptographic frameworks. The broader impact is strategic and immediate. Governments, enterprises, and infrastructure operators must begin preparing for a post-quantum security landscape now, rather than reacting after a breakthrough occurs. The emerging reality is clear: quantum computing is not only a technological revolution but also a potential disruption to the very foundations of digital trust. I share daily insights with tens of thousands followers across defense, tech, and policy. If this topic resonates, I invite you to connect and continue the conversation. Keith King https://lnkd.in/gHPvUttw

Is quantum computing the next big cybersecurity threat? For decades, encryption has been our digital fortress. But quantum computing is challenging that foundation—and the stakes couldn’t be higher. Let me explain. Quantum computers, powered by qubits and quantum mechanics, have the potential to break today’s most secure encryption methods in record time. Algorithms like RSA, which protect everything from online transactions to national secrets, may soon become obsolete. Here’s the reality: → "Harvest Now, Decrypt Later": Cybercriminals are already storing encrypted data, waiting for the day quantum computers can crack it. → Encryption at Risk: Shor’s Algorithm and similar quantum innovations could dismantle current security protocols, leaving sensitive information vulnerable. → The Clock is Ticking: While quantum computers aren’t powerful enough yet, experts predict it’s only a matter of time. So, how do we prepare? → Post-Quantum Cryptography: Organizations like NIST are working on quantum-resistant algorithms to protect future data. → Quantum-Safe Protocols: Hybrid models combining classical and quantum encryption are emerging to secure transitions. → Risk Assessments and Training: Companies must identify vulnerabilities and educate cybersecurity teams on the implications of quantum advancements. The future of cybersecurity isn’t just about defending against traditional threats—it’s about staying ahead of quantum possibilities. Are we ready to face the next wave of cyber threats? Let’s discuss. 👇

Quantum computing is moving from "science fiction" to "business reality" faster than most predicted. Two recent papers have fundamentally shifted the timeline for when we need to care about Quantum-Safe security: 1️⃣ The "10,000 Qubits" Milestone: New research shows that we can execute Shor’s algorithm—the math that breaks today’s encryption—with far fewer resources than previously thought. By using reconfigurable atomic qubits, the hardware requirements for cracking RSA-2048 have dropped by nearly 20x. 2️⃣ The "9-Minute" Crypto Warning: Google’s latest whitepaper highlights a terrifying reality for digital assets. Under advanced quantum scenarios, the encryption protecting a cryptocurrency wallet could be cracked in under 10 minutes. This puts billions in "dormant" assets at immediate risk of "at-rest" attacks. The Bottom Line: The "Q-Day" window is shrinking. It’s no longer about if a quantum computer can break your encryption, but when your current migration timeline will run out. How do we respond? We can't just flip a switch on "Q-Day." For many organizations, becoming quantum safe is a multi-year journey. This is where Palo Alto Networks Quantum-Safe Security comes in. Instead of a manual, multi-year overhaul, we provide a path to Agentic Resilience: - Continuous Discovery: It automatically maps your "cryptographic bill of materials" (CBOM), identifying exactly where vulnerable RSA and ECC algorithms are hiding in your network. - Risk Prioritization: It correlates your encryption strength with business criticality, telling you exactly which high-value assets need to move to Post-Quantum Cryptography (PQC) first. - Real-Time Remediation: For legacy systems that can’t be easily upgraded, a "Quantum-Safe Proxy" re-encrypts vulnerable traffic into post-quantum algorithms (like ML-KEM) at the network edge. The transition to a quantum-safe future is a marathon, but the starting gun has already fired. Learn how to take your first steps at the link in the comments.

EY’s perspective on securing against #quantum #risks emphasizes that quantum #computing is rapidly evolving from a theoretical concern into a material cybersecurity threat that requires immediate strategic action. The core issue lies in the vulnerability of widely used cryptographic algorithms, such as RSA and elliptic curve cryptography, which could be broken by sufficiently advanced quantum computers. This creates a systemic risk to sensitive data, including financial information, intellectual property, and personal records. A central concept highlighted is the “harvest now, decrypt later” threat model, in which adversaries collect encrypted data today with the intention of decrypting it in the future as quantum capabilities mature. This makes quantum risk a present-day problem, particularly for data requiring long-term confidentiality. EY stresses that organizations must adopt a proactive and structured approach to quantum readiness. A foundational step is to conduct a comprehensive cryptographic inventory, identify sensitive #data, and map existing #encryption methods. This enables organizations to assess which systems are most exposed and prioritize remediation efforts. Transitioning to post-quantum cryptography (PQC) is a complex, multi-year transformation that requires careful planning, integration into existing #technology roadmaps, and alignment with emerging standards. Organizations are encouraged to build crypto-agility, allowing them to adapt encryption methods as technologies and standards evolve. EY also highlights the importance of #governance, #compliance, and #workforce readiness. Quantum resilience requires enterprise-wide coordination, including policy development, regulatory alignment, continuous monitoring, and personnel training. EY frames quantum cybersecurity not just as a technical upgrade but as a strategic #transformation initiative. Organizations that act early can strengthen resilience, improve cyber maturity, and gain a competitive advantage, while those that delay risk long-term exposure to data breaches, regulatory challenges, and erosion of #digital #trust.

⏳ 𝗤𝘂𝗮𝗻𝘁𝘂𝗺 𝗖𝗼𝗺𝗽𝘂𝘁𝗶𝗻𝗴 𝗮𝗻𝗱 𝗖𝗿𝘆𝗽𝘁𝗼𝗴𝗿𝗮𝗽𝗵𝘆: 𝗧𝗵𝗲 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 𝗜𝘀 𝗦𝗵𝗿𝗶𝗻𝗸𝗶𝗻𝗴 𝗖𝗹𝗲𝗮𝗿 𝗣𝗮𝘁𝗵 𝘁𝗼 𝗖𝗿𝘆𝗽𝘁𝗮𝗻𝗮𝗹𝘆𝘁𝗶𝗰 𝗥𝗲𝗹𝗲𝘃𝗮𝗻𝗰𝗲 The Bundesamt für Sicherheit in der Informationstechnik (BSI) analysis is clear: Quantum computing is progressing steadily toward cryptanalytic relevance. The technical path is established: fault-tolerant Shor algorithms on superconducting systems with surface codes or ion-based systems with color codes. In 2024, key obstacles were removed. Quantum error correction works. Fault-tolerant computation is real. What remains is large-scale engineering. 𝗪𝗵𝘆 𝘁𝗵𝗲 “𝟮𝟬-𝗬𝗲𝗮𝗿” 𝗡𝗮𝗿𝗿𝗮𝘁𝗶𝘃𝗲 𝗜𝘀 𝗪𝗿𝗼𝗻𝗴 Error-correction break-even across several platforms in 2024–2025 invalidates the claim that relevant quantum computers are always decades away. A conservative estimate now points to around 15 years. This matches observed qubit growth and implies that systems with roughly one million qubits could be available in that timeframe, which is sufficient for cryptographic attacks. 𝗔 𝗦𝘁𝗿𝗮𝗶𝗴𝗵𝘁𝗳𝗼𝗿𝘄𝗮𝗿𝗱 𝗦𝗰𝗮𝗹𝗶𝗻𝗴 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 The same result emerges from a modular view. Five years to design a scalable platform. Five years to produce and integrate modules. Five years to operate at full scale and quality. This is a scaling problem, not a scientific unknown. 𝗪𝗵𝗮𝘁 𝗖𝗼𝘂𝗹𝗱 𝗦𝗵𝗼𝗿𝘁𝗲𝗻 𝘁𝗵𝗲 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 Advances in qLDPC codes, error mitigation, and neutral-atom platforms could reduce the horizon further. Ten years is no longer unrealistic. 𝗨𝗻𝗰𝗲𝗿𝘁𝗮𝗶𝗻𝘁𝘆 𝗜𝘀 𝗦𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗮𝗹 Multiple hardware platforms progress in parallel. Companies protect core technology. Some work happens in stealth mode. National security plays a role. A hidden qualitative leap seems unlikely today, but cannot be excluded. 𝗤-𝗗𝗮𝘆 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗛𝗡𝗗𝗟 𝗥𝗶𝘀𝗸 To stay on the safe side, Q-Day planning should assume a horizon of no more than 10 years, especially for nation-state actors and cyber agencies. AI will accelerate engineering, scaling, and cryptanalysis. This increases the risk that Q-Day arrives earlier than expected. The HNDL threat—harvest now, decrypt later—is already active. Sensitive data intercepted today can be decrypted in the future. This affects critical infrastructure, government systems, and industrial communication with long confidentiality lifetimes. Protection must start now. This requires crypto-agile architectures and the early deployment of hybrid schemes combining classical and post-quantum cryptography. 𝗜𝗺𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗳𝗼𝗿 𝗖𝗿𝘆𝗽𝘁𝗼𝗴𝗿𝗮𝗽𝗵𝗶𝗰 𝗜𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 Post-quantum migration is no longer optional. Waiting increases risk. 𝗢𝘂𝗿 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗗-𝗦𝘁𝗮𝗰𝗸 We at Spherity assessed these risks and transition paths for the German D-Stack, with a focus on crypto agility and long-term resilience: https://lnkd.in/eTJT4erD

Quantum risk will not break the network first. It will break trust first. The OSI model still explains how data moves. In a post-quantum world, it also becomes a useful lens for understanding where trust dependencies are embedded across protocols, identities, endpoints, applications, firmware, and management planes. Most leaders still look at the OSI stack as a classroom model. I look at it as an exposure map. Quantum computing does not pressure every layer equally. The most immediate pressure falls on quantum-vulnerable public-key mechanisms used for key establishment and digital signatures, including PKI, certificates, TLS handshakes, VPN key exchange, software signing, and related trust services. NIST finalized its first three post-quantum cryptography standards in 2024 and is encouraging organizations to begin transitioning now. That matters because long-lived sensitive data is already exposed to a harvest now, decrypt later risk models. NIST’s migration work specifically calls out TLS as one of the most widely deployed security protocols and a prime target for that threat. When you map that back to the OSI model, the message is clear: The problem is not Layer 1 cabling. It is the cryptographic trust fabric spanning protocols, identities, endpoints, applications, firmware, and management planes that still depends on quantum-vulnerable public-key cryptography. That is why this is not just a cryptography discussion. It is an enterprise architecture discussion. A PKI discussion. A certificate lifecycle discussion. A software signing discussion. A vendor governance discussion. An OT and IoT lifecycle discussion. NIST guidance and CISA’s OT-focused post-quantum materials both point organizations toward first identifying where quantum-vulnerable cryptography exists across hardware, software, services, firmware, PKI, IT, OT, and vendor dependencies before trying to migrate. For boards and executive teams, the real questions are straightforward: Do we know where we use quantum-vulnerable public-key cryptography? Do we know which data must remain confidential longer than our migration window? Do we know which OT, IoT, and embedded assets are not crypto-agile enough to adapt? Do our vendors have a credible roadmap for PQC in certificates, TLS, VPNs, browsers, firmware, and signing? The OSI model still explains how data moves. In 2026, it can also help explain where trust dependencies may fail first if cryptographic migration is delayed. Quantum readiness is not about hype. It is about rebuilding the trust layer before the threat catches up. #Cybersecurity #PostQuantumCryptography #EnterpriseArchitecture

By 2035, quantum computers could break today’s RSA/ECC, threatening everything from over-the-air updates to payments, V2X, charging, telematics, and dealer systems. And “harvest-now, decrypt-later” means data we encrypt today may be readable tomorrow. Thankfully, there’s a path forward with Post-Quantum Cryptography (PQC). So here's what we’re doing (and what I recommend): 1️⃣ Prioritize what matters: Classify apps/data by sensitivity & lifespan (vehicles, keys, firmware, contracts). Tackle the critical 10% first. 2️⃣ Start pilots now: Stand up PQC for key exchange and signatures (NIST picks: CRYSTALS-Kyber, Dilithium, plus FALCON/SPHINCS+ where appropriate). Wrap legacy with interim controls where upgrades aren’t yet feasible. 3️⃣ Engineer for the edge/IoT: Plan for constrained ECUs and long service lives; align PQC with model year cycles and sunset plans to avoid hardware rip-and-replace. 4️⃣ Educate & govern: A cross-functional council (CISO, engineering, legal, procurement) to drive roadmap, metrics, and auditability. Quantum risk isn’t a future storm; it’s a countdown. Organizations that move now will secure their platforms and earn customer trust in the next digital economy. #Cybersecurity #PQC #RiskManagement 📸: BCG