Businesses are facing escalating cyber threats as quantum computing technology approaches faster than anticipated. The potential for quantum computers to undermine asymmetric encryption has been a known risk since 1994, when mathematician Peter Shor introduced Shor’s algorithm. However, the substantial computational power required made it seem like a distant concern. Now, with pioneering companies actively exploring quantum solutions, PwC estimates that widespread adoption could begin within the next five years, prompting security leaders to take immediate action.
According to Anton Tkachov, Managing Director and Cybersecurity Transformation Lead at PwC UK, the timeline for the quantum rollout is shrinking rapidly. “We once believed the post-quantum era was a generation away. Today, it’s five years off; it may be even closer next year,” he stated. This swift advancement means that current encryption methods may soon become inadequate, as merely increasing key lengths will not suffice.
The implications of this shift are profound. As Tkachov explained, “Cryptography underpins both the security of data at rest and authentication. In the post-quantum era, both will be vulnerable.” The risk is not limited to future attacks; data encrypted today remains secure only temporarily. “Encrypted data stolen today is still safe—for now,” Tkachov warned. Once quantum machines become operational, attackers could potentially decrypt this data, exposing sensitive information and eroding customer trust.
Data such as mortgage approvals and medical records retain substantial value over time, making them prime targets for cybercriminals. With the knowledge that they can stockpile stolen data, these actors may bide their time until quantum technology advances.
As a result, organizations must begin to transform their approach to cryptography. Clinton Firth, Partner of Cybersecurity at PwC Middle East, emphasized the urgency of modernization. “We know cryptography modernization takes time. When the Data Encryption Standard (DES) was broken in 1997, it took many businesses nearly a decade to transition to the Advanced Encryption Standard (AES). This time, they don’t have such time to spare.”
Preparing for the post-quantum era presents several challenges. Recruiting skilled professionals is essential, yet difficult, given the unique expertise required to implement quantum-safe technologies. Additionally, organizations may need to rely on multiple vendors for quantum-ready solutions, complicating their strategies.
Raising awareness of the quantum threat is critical. “CISOs need to recognize that this is a real and immediate risk—not a problem for tomorrow,” Firth said. He urged that this understanding should be elevated within the risk management function and included in the organization’s risk register.
To effectively prepare for the post-quantum landscape, PwC recommends several immediate priorities. A focus on agility will be crucial. As Tkachov explained, “In the age of quantum computing, we must aim for crypto agility—the ability to quickly adapt and transition to new encryption methods as threats evolve and standards emerge.”
For further insights on preparing for a post-quantum world, organizations are encouraged to register for PwC’s upcoming webinar. This proactive approach can help businesses establish a solid foundation to navigate the challenges posed by quantum computing, ensuring their data remains secure in an increasingly complex digital environment. For additional information regarding the implications of quantum computing on data security, refer to PwC’s report titled “Quantum Computing: Is Our Data Still Safe?” published in January 2025.
The advent of quantum technology poses unprecedented challenges, but with proactive measures, organizations can mitigate risks and safeguard their digital assets.
