The whip-smart scientists and engineers who are building ultra-powerful quantum computers are rapidly achieving major milestones, overcoming technological hurdles long seen as near-impossible.
As a result, many experts now believe that usable quantum computers will emerge by the end of the 2020s — turning cybersecurity on its head in the process. Forward-looking enterprises are already preparing.
How Quantum Computers Work
Experts predict that next-generation quantum computers will transform many industries, including health care, energy and finance. Their powerful hardware will use pattern matching and advanced algorithms to help medical researchers discover new drugs, to help banks manage risks and to help logisticians design more efficient transportation routes.
But how do they work? Using principles found in quantum mechanics, quantum computers utilize qubits for parallel processing instead of the classical binary bits found in conventional computers. Whereas binary bits can exist only as 0s or 1s, qubits can be either 0s or 1s, or both at the same time. This helps quantum computers process vast amounts of data in a very short amount of time and makes them exponentially more efficient at finding patterns and solving problems with large numbers of variables or complex relationships.
Although it’s heady stuff, quantum computing is not just theoretical: IBM plans to demonstrate a 4,158-qubit system of connected “Kookaburra” processors in 2025, and in December 2024, Google announced that its Willow quantum processor was able to reduce the logical error rate below a key threshold, paving the way for a fault-tolerant quantum computer consisting of thousands of qubits.
Quantum Computing and Cybersecurity
Quantum computers’ immense power is exciting. But also, alarming. If successful, projects like IBM’s and Google’s will herald the arrival of the world’s first cryptographically relevant quantum computers (CRQCs), which will commence a new era in cybersecurity. With CRQCs, experts believe bad actors eventually will be able to break standard encryption like RSA, which currently enables the free and secure flow of information and commerce via the internet.
Although it would take conventional computers thousands of years to solve the ultra-complex equations at the heart of RSA, quantum computers might soon be able to crack them in less than a day. A “noisy” quantum computer using 20 million qubits, for example, can break a 2048-bit RSA encryption in just eight hours using Shor’s algorithm, and an error-free quantum computer with 4,099 qubits can do the same in mere seconds.
Experts believe that some hackers already are harvesting encrypted data now with hopes that quantum computers will be able to decrypt it later. In fact, a Deloitte study in 2022 found that 50.2% of IT professionals are concerned about cybercriminals harvesting encrypted data with the expectation that emerging technologies will eventually allow them to break the encryption — a practice known as “Harvest Now, Decrypt Later” (HNDL).
HNDL attacks are not currently a major threat, according to Steve McDowell, principal analyst at NAND Research.
“We’re still several years away from quantum code-breaking being in the hands of most bad actors, and most enterprise data has an expiration date on its usefulness to the bad guys,” McDowell told The Forecast.
“Your database of credit card numbers will probably all be expired by the time we can decrypt them. On the other hand, your spreadsheet of employee social security numbers will be valuable forever.”
In addition to personally identifiable information like social security numbers, sensitive information like government documents, intellectual property, and trade secrets don’t have an expiration date and may be a major target of HNDL attacks.
The Case for Quantum Readiness
Because of cost, infrastructure and the sheer amount of resources required to build a stable device, federal governments in well-funded countries with robust quantum industries will be the only global players capable of launching quantum attacks for some time.
Nevertheless, the specter of state-sponsored corporate espionage — the theft of trade secrets, intellectual property and other economically-useful information from companies in rival countries — makes quantum computing relevant to enterprise leaders everywhere.
“Cyber operations — whether for espionage, destruction or influence — play a persistent supporting role in broader geopolitical conflicts,” Microsoft noted in its 2024 "Microsoft Digital Defense Report."
Fortunately, the cybersecurity community — including the National Institute of Standards and Technology (NIST), which is developing new algorithms that are resistant to quantum computing on behalf of the U.S. government — already is engineering post-quantum cryptography (PQC) solutions.
By adopting PQC protections today, enterprises can shore up organizational defenses and protect sensitive data from future quantum attacks, according to McDowell.
“Quantum computing is coming faster than we think, especially at the ‘state actor’ level, which means the time to implement quantum-safe encryption is now,” he said.
He said step one is cataloging proprietary data to understand its long- and short-term value.
“If that data has long-term value to an attacker, then re-encrypt it with PQC algorithms. If not, they should still re-encrypt it, but it can be a lower priority. And any new data created should be encrypted with PQC encryption.”
Becoming a Quantum-Ready Organization
To understand how organizations are preparing for the quantum threat, The Forecast spoke with QuSecure co-founder and CEO Rebecca Krauthamer and co-founder and COO Skip Sanzeri. The company is a leader in the field of quantum cybersecurity and is working with global enterprises and government agencies to deploy quantum-resilient solutions on top of existing infrastructure.
According to Sanzeri, organizations are starting to upgrade their encryption now in anticipation of CRQCs.
“The reason they are moving now is that the upgrade process will take years,” he said. “Even if a federal government agency or commercial organization started the upgrade process today, they will need to add post-quantum encryption to all their digital communications to complete a full upgrade.”
Krauthamer encourages enterprises to take stock of the systems across their organization that rely on encryption and to combine PQC implementation with other proven cybersecurity approaches.
“The upgrade to cryptographically agile PQC should be baked into and inseparable from any zero-trust initiatives your organization is undertaking,” she said.
Businesses should also prioritize their data according to commercial importance and shelf life. “Certain types of data need to remain private for several years but are vulnerable to a unique type of breach,” Krauthamer continued.
This includes national security secrets, intellectual property, banking information and personally identifiable information — all of which are vulnerable to HNDL attacks. QuSecure recommends that organizations begin encrypting this data with PQC immediately to prevent future decryption.
Next, organizations can prioritize data that is important in the short-term but has little long-term value. According to Krauthamer, this includes examples such as “stock trades to be executed the following day and public company earnings filed shortly before announcing publicly.”
This type of data is valuable in the short-term, but quickly loses value over time.
Although companies don’t have to prioritize PQC migration for this data today, it will become a priority once CRQCs arrive and should be implemented in advance of this milestone. In addition, Sanzeri noted, many of these quantum protections will prevent adversarial artificial intelligence (AI) attacks, as well, which makes them as useful now as they will be later.
“My advice to IT practitioners is the same for quantum as any other cyber-protection effort: Stay current, as that gets you 90% of the way there,” McDowell said.
“If you’re using quantum-safe encryption for your long-term data at risk, the attacks will skate right past that to the company next door who didn’t turn on that feature on his storage array.”
If your current cybersecurity vendor doesn’t support PQC, ask them to start — or search for another vendor that understands the importance of becoming quantum-ready.
“The standards are there, and those standards are good enough to take us through the first generation of quantum computing,” McDowell concluded.
“Once the infrastructure is enabled, turn it on. Use it. Build a plan to understand your most vulnerable data and start protecting that data.”
Marcus Taylor has worked as a thought leadership writer and marketing leader for the information technology industry since 2016, specializing in AI/ML, cybersecurity and quantum computing. He is reachable through his website, mtwriting.com.
© 2025 Nutanix, Inc. All rights reserved. For additional information and important legal disclaimers, please go here.