FUTURE OR PRESENT
I often hear quantum computing described as something that belongs to the future. A powerful, transformative force that will one day reshape industries, economies, and scientific discovery. But when I look at it through a cybersecurity lens, the story feels very different. The risk is not sitting quietly on the horizon. It is already shaping how I think about protecting data today. This is where I see a lot of confusion. Many people assume quantum security only becomes relevant once quantum computers are widely available. From my perspective, the opposite is true. By the time quantum computing reaches maturity, it could already be too late to protect certain types of data. That distinction matters. As Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency, puts it:
“The transition to post-quantum cryptography is not a future problem. It is a now problem.”
My goal here is to simplify two complex ideas, quantum computing and quantum security, and explain why I believe organisations need to act now, not later.
QUANTUM COMPUTING BASICS
When I break it down, traditional computers process information using bits, which exist as either 0 or 1. Quantum computers use qubits, which can exist in multiple states at the same time. This concept, known as superposition, allows quantum systems to process vast combinations of possibilities simultaneously. I do not need to dive deep into the physics to see the impact. The outcome is clear. Quantum computers can solve certain types of problems far more efficiently than classical machines. I see this applying to complex mathematical calculations, large-scale optimisation problems, and pattern recognition across massive datasets. That is why so many sectors, from finance to healthcare to logistics, are watching closely. What stands out most to me, though, is the impact on encryption. Modern cybersecurity depends on cryptographic algorithms that are considered secure because they are difficult to break. Classical computers would take thousands of years to crack them. Quantum computing has the potential to completely change that equation. As outlined by the National Cyber Security Centre, future quantum capabilities could render many widely used encryption methods ineffective.
QUANTUM SECURITY APPROACH
When I talk about quantum security, or post-quantum security, I am not talking about owning a quantum computer. I am talking about preparing for a world where quantum attacks are possible. For me, it is about strengthening what already exists so it can withstand what is coming. That means developing new cryptographic algorithms that quantum computers cannot easily break, replacing or upgrading existing encryption methods, and ensuring long-term protection of sensitive data. I see organisations like Cloudflare making an important point here. Preparation does not require futuristic infrastructure. It can start today, using what we already have. To me, quantum security is less about chasing the future and more about reinforcing the present so it does not collapse under future pressure.
HARVEST DECRYPT THREAT
The moment this really clicked for me was when I understood the concept of harvest now, decrypt later. This is not theoretical. It is already being used by sophisticated threat actors. The idea is simple. Data is intercepted today, stored, and then decrypted in the future when quantum capabilities catch up. What that means, in practical terms, is that data I consider secure today may not stay secure tomorrow. I see this as particularly dangerous for information with long-term sensitivity, such as intellectual property, financial records, government communications, and healthcare data. For organisations handling this kind of information, the threat is not abstract. It is already in motion. As Michele Mosca, a leading expert in quantum cryptography, explains:
“Any information that needs to remain secure for more than 10 years is already at risk today.”
DELAY IS RISKY
One of the biggest challenges I encounter is perception. Because large-scale quantum computers are not yet mainstream, it is easy to assume there is still plenty of time. I see this assumption leading to delayed decisions and increased exposure. From where I stand, transitioning to quantum-safe security is not something that happens overnight. It involves understanding where cryptography is used, mapping dependencies across systems, upgrading or replacing legacy encryption, testing for compatibility, and aligning with evolving regulatory guidance. Guidance from the National Cyber Security Centre reinforces what I already believe. Preparation needs to begin now because of the scale and complexity involved. Waiting only widens the gap between risk and readiness.
COMPUTING VERSUS SECURITY
- Quantum computing is the source of disruption.
- Quantum security is the response to that disruption.
I do not need to wait for quantum computers to become commercially viable to take action. In fact, waiting increases risk. What I see from forward-thinking organisations is a shift toward assessing cryptographic vulnerabilities, testing quantum-resistant algorithms, and building long-term security roadmaps. This feels like part of a bigger evolution in cybersecurity, moving away from reactive defence and toward proactive resilience.
CYBERSECURITY IMPACT SHIFT
What strikes me most is that quantum computing does not just introduce a new risk. It challenges the very foundations of modern security. Today’s systems rely on the assumption that certain problems are too difficult to solve within a reasonable timeframe. Quantum computing disrupts that assumption entirely. I see the implications stretching across data confidentiality, secure communications, digital identity, authentication, and regulatory compliance. Bruce Schneier captures this perfectly when he says:
“Attacks always get better. They never get worse”.
Organisations like Palo Alto Networks and Fortinet are already highlighting that quantum threats will require a fundamental rethink of how encryption is implemented and managed. From my perspective, this is not an upgrade. It is a reset.
BUILDING READINESS PATH
When I think about preparing for quantum security, I do not see it as a sudden transformation. I see it as a structured journey. It starts with understanding where encryption exists today and which systems rely on potentially vulnerable algorithms. From there, I focus on prioritising data that needs long-term protection, staying aligned with emerging standards, and beginning to map out a transition toward quantum-resistant solutions. I take reassurance from organisations like Orange, which emphasise that this is a gradual process. But it is only effective if it starts early.
LEADERSHIP AND AWARENESS
One thing I am certain about is that technology alone will not solve this challenge. Awareness at the leadership level is critical. Decision-makers need to understand that the risk timeline is longer than most cybersecurity threats, that the impact goes beyond IT into operations and reputation, and that early action creates a real strategic advantage. For me, quantum security is not just a technical issue. It is about resilience, trust, and long-term thinking.
ACT BEFORE BREAKPOINT
As Whitfield Diffie, a pioneer of modern cryptography, puts it:
“The future of cryptography is about anticipating attacks before they are practical”.
That idea stays with me. Quantum computing will unlock extraordinary possibilities. It will accelerate innovation and redefine what technology can achieve. But it will also expose the limits of the systems we rely on today. The key takeaway, as I see it, is simple. I do not need a quantum computer to be vulnerable to quantum threats. The risk already exists in the data being collected today and potentially decrypted in the future. The organisations that act early will not just protect their data. They will position themselves as trusted, forward-thinking leaders in a world that is changing faster than many realise.