Post-Quantum

What is the Quantum Threat? A Guide for C‑Suite Executives and Boards

Photo of Marin Ivezic Marin Ivezic Follow on X Send an email July 19, 2025
22 minutes read
Quantum Threat Board C-Suite

Cybersecurity has been at or near the top of corporate risk lists for years. As many board members are aware, these days many regulators worldwide, more or less explicitly, indicate that ultimate accountability for cyber risk rests with the board. In some cases, board members could even be held personally liable for major cybersecurity lapses. But just as organizations and their boards have started to get a handle on traditional cyber threats, a new, even more serious cyber risk is emerging. Quantum computing is described as the “skeleton key” of the digital world – an ultimate master key that could potentially unlock almost all of today’s cyber protections. In other words, quantum computers pose a universal cyber threat more serious than any we have seen before.

I’m stepping outside my usual lane with this post. Most of my writing is aimed at techies. Lately, though, more and more boards have called me in for private briefings – directors who understand that quantum computing could up‑end cybersecurity but don’t want a lecture on lattice math or the alphabet soup of vulnerable algorithms. They want the big picture: How serious is the threat, how soon do we need to act, and what exactly should we be asking our CISOs, CIOs, and CROs (Chief Risk Officers)? So, while there are plenty of “Quantum 101” articles already, I tried to distill the lessons I’ve learned from those boardroom conversations.

The Quantum Threat in Plain Language

Think of the encryption protecting your company’s sensitive data as a set of very strong locks. These locks safeguard everything from financial records and customer information to trade secrets and communications. Traditional hackers try to pick these locks through various means – exploiting software vulnerabilities, stealing passwords, phishing, tricking your teams to let them in, or other piecemeal attacks. It’s a constant cat-and-mouse game of patching holes, improving defenses, and managing the human side of these vulnerabilities.

Now imagine someone invents a super tool that can instantly open almost any lock. This is essentially what a large-scale quantum computer could become for cyber criminals and adversaries – thanks to a very different way these machines handle computations. Without diving into the science, the bottom line is that many of the toughest mathematical problems that keep our encryption secure today could be solved much faster by a quantum computer. What might take a classical computer millions of years to crack could potentially take a sufficiently powerful quantum computer just days or hours.

In practical terms, that means the core encryption algorithms underpinning online banking, secure emails, e-commerce, corporate VPNs, and even state secrets would no longer be safe. All the familiar acronyms (the encryption standards we use daily) rely on mathematical puzzles that quantum technology aims to dismantle. With a powerful quantum computer, an attacker wouldn’t need to hunt for one weakness at a time, try to trick people into installing malware, figure out complex workarounds to get some access to your data – they could go at the core of your systems and simply and directly break almost any cryptography they select. It’s the difference between trying to pick one lock at a time versus having a “master key” that opens any door.

Why Worry Now? The Clock Is Ticking

It’s true that today’s quantum computers are still in their infancy and not yet capable of cracking internet-grade encryption. However, the quantum threat is not a distant sci-fi scenario – it’s advancing steadily. We estimate that within five years, we could reach a point where quantum machines can threaten common cryptography. In fact, companies like IBM and Google are making rapid progress in quantum computing each year, and governments around the globe are investing heavily to be at the forefront of this race.

Perhaps it’s five years until our current cyber protections are truly under threat, and a few more years after that before quantum computing becomes so commonplace that every large organization could realistically be targeted. Nevertheless, the clock is already ticking. Whether your organization is at risk in five years or fifteen, you must start preparing for it now.

The critical issue for boards is one of timing: we are essentially in a race between the pace of quantum development and our defensive preparations. Here’s a simple way to frame the challenge:

  1. Data shelf-life: Consider how long you need your data to remain secure. For example, if you have customer records, intellectual property, or confidential documents, ask yourself how many years into the future that information must stay protected. For certain sensitive data, this could easily be 5, 10, or even 20+ years.
  2. Upgrade time: Estimate how long it would take to overhaul your organization’s cryptographic protections once new quantum-safe solutions are available. Replacing or upgrading encryption across all systems is a massive effort – it can take many years (often close to a decade) to plan, budget, test, and deploy updated technologies company-wide.
  3. Time until quantum threat (Q-Day): Consider how soon attackers might have a quantum computer powerful enough to break current encryption. Some forecasts say this could be as soon as 2030 (often referred to as “Q-Day,” the day quantum code-breaking becomes reality), though no one knows for sure.

If the sum of the first two factors (data shelf-life + upgrade time) exceeds the expected time until quantum cracking arrives, then we have a serious problem. In that scenario, even data being encrypted today could eventually be exposed. This isn’t just theoretical – security experts call it the “harvest now, decrypt later” threat. An adversary could steal encrypted information now and simply hold onto it; years later, once they obtain a powerful quantum tool, they can decrypt that data retroactively. In fact, there is solid evidence that some attackers may already be quietly doing this, stockpiling encrypted data in preparation for the day they can unlock it.

To underscore why action is needed now, consider how rapidly awareness of the quantum threat has grown in the last 12–18 months. As recently as early last year, there were still valid questions about the feasibility of quantum computing at all. But the scientific and engineering advances that happened over the last approximately two years have removed any doubt that quantum computers are coming. Today, industry experts and governments alike have aligned on the view that quantum computing is coming and that is likely coming faster than we expected. With this shift in mindset, proactive measures across the ecosystem are multiplying:

Regulators are issuing new cybersecurity guidelines that account for the quantum era. Insurers are deciding how to evaluate their policyholders’ quantum readiness and even considering carving out quantum-related attacks from coverage. Clients are assembling questionnaires to assess whether their vendors’ quantum preparedness meets acceptable risk tolerances. And shareholders and analysts started asking in earnings calls about firm’s preparedness for the quantum computing threat. In short, even if truly powerful quantum computers take many more years to arrive, the entire ecosystem is moving toward proactive preparation. You can’t wait any more.

For boards, the message is clear: waiting until quantum computers are operational to take action will be too late. By then, any encrypted data stolen under the radar today could result in a catastrophic breach of confidentiality once attackers unleash quantum decryption. And in the meantime, you will be putting your reputation, your client relationships, your insurance costs, and even potentially your license to operate, at risk if you continue delaying quantum readiness. The time to act is now.

A Board-Level Risk and Responsibility

Why should busy board directors and executives pay attention to something that sounds like a technical R&D problem? Because quantum cyber risk is ultimately a business risk and a governance issue. When the day comes that today’s encryption fails, the fallout will be felt across every function of the enterprise – legal, financial, operational, reputational. It has been said that quantum computing is the one threat that could undermine all other cyber protections at once. It’s like the “ultimate hack.”

Regulators certainly recognize this. Around the world, a growing number of regulators and standards bodies have been explicitly warning that boards of directors are on the hook for managing cyber risks in this evolving landscape. In practical terms, this means boards need to be proactive and exercise proper oversight of how their organization is preparing for quantum-related threats. Failing to do so could be seen as a lapse in fiduciary duty. And as mentioned earlier, some jurisdictions even attach personal liability to board members for major oversight failures in cybersecurity. The tone from the top matters: if the board and senior executives prioritize quantum risk, management will follow.

It’s worth noting that cybersecurity has not only been a top corporate risk for years, but also a frequent topic in boardrooms already. Directors are used to discussing ransomware attacks, data breaches, and IT compliance issues. Quantum elevates this discussion to a new level because it threatens the very foundations of digital security. Board members don’t need to become cryptography experts, but they do need to grasp the magnitude of this threat in order to ask the right questions and allocate resources appropriately. Just as boards navigated the challenges of digital transformation and cloud security in past years, now they must guide their organizations through a looming transformation in encryption and trust.

An analogy might help here. Think of the familiar movie trope: a master or “skeleton” cyber key that can breach the U.S. Federal Reserve, plunge a nation into darkness, or trigger nuclear Armageddon. A single all-powerful hacking tool that can give its holder unprecedented power and wealth. Once pure fiction, that all‑powerful hacking tool is edging toward reality. Without an upgrade to quantum‑resistant defenses, tomorrow’s quantum computers could function exactly like those imagined keys – instantly unlocking the encryption that underpins our entire digital ecosystem. That is why quantum risk is a strategic concern, not a niche technical issue. It spans every sector, from banking and healthcare to energy grids and national security. In short, if your industry relies on encryption, and virtually all do, quantum readiness belongs on the board’s enterprise‑risk agenda at the highest level.

Preparing for a Quantum-Resistant Future

The good news is that the technology community is not standing still. Researchers and cybersecurity experts anticipated this threat and have been developing new forms of encryption to withstand quantum attacks. These next-generation cryptographic techniques are often called post-quantum cryptography (PQC) or quantum-resistant algorithms and formal PQC standards are being finalized. Most of governments and sectoral regulators have issued, or are planning to issue, PQC and quantum readiness related directives and advisories, underscoring that this is a global concern.

However, developing new PQC encryption is only half the battle. Implementing it across all systems is a colossal task. Consider the scale: every application, device, database, and network in your organization may need updates. Or replacements. This includes everything from customer-facing websites to internal HR databases, from cloud service connections to the firmware on IoT devices. From your critical business applications, to the connected aquarium thermostat in the CEOs office.

More than that, almost every vendor relationship will have to be reviewed, renegotiated, or even potentially replaced. If a vendor cannot upgrade their systems or products to a quantum resistant version on time, you might have to replace them.

It’s also a bit like replacing the engines on a moving airplane – you will have to upgrade all these critical components and vendor relationships without disrupting the ongoing operations.

Such transitions take years of planning and execution. Regulators and standards-setting organizations that have published related guidances so far have sketched out a roadmap suggesting that vulnerable encryption methods be phased out over this decade and replaced by quantum-safe solutions in critical systems by e.g. 2030 and for all the systems latest by around 2035. That might sound far off, but hitting those deadlines requires starting well now. Large organizations, especially those with heavy technical debt or legacy systems, will need much of this time to inventory their cryptographic usage, test new solutions, train their IT staff, update vendors and contracts, and roll out changes gradually. Smaller companies might adapt faster, but they too depend on the broader technology ecosystem (hardware, software, cloud platforms) to support these new standards.

From a board perspective, ensuring crypto-agility (the ability to swap out cryptographic tools easily) should be part of your IT strategy. Management should be encouraged to incorporate quantum resistance into their long-term tech roadmaps and risk assessments. This might involve:

  • Identifying which assets and data are most critical and sensitive (and thus highest priority for quantum-safe protection).
  • Monitoring industry guidance and collaborating in information-sharing forums about quantum readiness.
  • Engaging with vendors and third-party providers to understand their plans for post-quantum security – you don’t want your supply chain to be the weakest link.
  • Considering investments in interim measures like quantum-resistant VPNs or encryption modules, if available, for especially high-value data.
  • Keeping abreast of regulatory expectations to avoid compliance surprises related to quantum security (for example, future reporting requirements about how you are addressing this risk).

A key point to emphasize in planning is that protecting data isn’t just about the future, it’s also about the present. Strengthening your security now (using the best practices we already know, such as strong access controls, monitoring, and layered defenses) will help mitigate threats in the interim period before quantum arrives. It can also make the eventual transition smoother. For instance, cleaning up outdated encryption and centralizing key management now will make it easier to swap in new algorithms later. In short, becoming quantum-ready is an extension of good cybersecurity hygiene and forward-looking risk management.

Key Questions for Board Members to Ask

To fulfill your oversight role in the face of this quantum challenge, board members should start by asking the right questions of their CIO, CISO, or CRO. The goal is to gauge the organization’s preparedness and to spark proactive planning. Here are some sample practical questions boards might pose:

  • What is our exposure to the quantum threat? – Do we know which of our critical systems and data would be vulnerable if today’s encryption were suddenly broken? For example, what data – if stolen today – could cause harm to our company 5, 10, or 20 years down the line if decrypted? And if we don’t know, how quickly can we find out and have a report on it?
  • How long do we need our data to remain confidential? – Which data assets have a long security shelf-life and are we confident they will remain protected over that period given the quantum risk? (Think of personal customer information, intellectual property, legal records, etc., that might still be sensitive years from now.)
  • Do we have a transition plan to quantum-safe encryption? – What is our strategy and timeline for migrating our systems to post-quantum cryptography once standards are ready? Have we allocated budget and resources for this multi-year project? The board should ask if there’s a clear roadmap (3–5 year plan) for upgrading cryptographic systems and if critical data, especially data needing long-term confidentiality, will be protected in time.
  • How are we defending against “harvest now, decrypt later” risks to our data? – Adversaries may steal encrypted data now and hold it until quantum decryption is available. Directors should verify that management is addressing this risk by securing or migrating sensitive data as soon as possible. For example, are we encrypting today’s high-value information with quantum-resistant tools or limiting the lifespan of secrets? Ignoring this threat could leave the company exposed to future breaches – a failure that might even be seen as negligence years down the line.
  • Are we tracking guidance and regulations on quantum security? – Are we following industry standards and keeping an eye on emerging regulations or laws that require action on quantum readiness? In other words, how are we staying informed and compliant with evolving expectations around this issue? Can we include briefings on relevant quantum readiness-related regulatory requirements in our regular schedule?
  • Are we following already issued recognized standards and best practices for quantum-safe security (e.g. NIST guidelines)? – Industry standards bodies and governments are already issuing guidance on quantum-safe measures. For instance, the U.S. National Institute of Standards and Technology (NIST) has published post-quantum cryptography standards. Boards should ask if the company is tracking and implementing such guidance early, as doing so can strengthen our security posture and ensure we meet the evolving definition of “reasonable” cybersecurity in the eyes of regulators.
  • What is our contingency plan if quantum breakthroughs arrive sooner than expected? – Estimates for practical quantum attacks range widely, so prudent risk management means planning for accelerated timelines. The board should know if management has done scenario planning for an early quantum decryption capability (e.g. what immediate steps would we take if a new quantum method threatened our encryption in 2027?) This ensures the organization isn’t caught flat-footed and can respond rapidly to protect critical assets.
  • Are our critical systems architected for crypto‑agility – that is, can we swap out today’s encryption algorithms for quantum‑safe alternatives quickly and without wholesale re‑engineering, and have we tested that capability end‑to‑end? – If our infrastructure is not crypto‑agile, the post‑quantum migration could become a costly, multi‑year overhaul with potential downtime. Verifying and exercising agility now ensures we can pivot promptly as standards evolve or new vulnerabilities appear – turning a massive “forklift” project into a routine upgrade.
  • How are we evaluating and ensuring our critical vendors and partners are prepared for quantum-related risks? – Even if we strengthen our own systems, our security is also dependent on partners, suppliers, cloud providers, and software vendors. A third-party failure to upgrade cryptography or infrastructure could become our failure. Directors should ask whether vendor risk assessments include quantum readiness – for example, are we inquiring about our suppliers’ plans to adopt post-quantum encryption? If key partners (cloud providers, software vendors, etc.) aren’t transitioning to quantum-safe solutions on a reasonable timeline, they could become weak links that expose our data or operations.
  • Have we updated our third-party risk management policies to address quantum threats? – Boards should ensure that management is strengthening supply chain security practices in light of quantum risks. This might include updating contract requirements or security questionnaires to cover quantum-safe practices, and seeking assurances or roadmaps from vendors (e.g. when will their products support quantum-resistant encryption?) Being proactive here not only protects our information but also sends a signal that we expect business partners to uphold cutting-edge security standards.
  • Could quantum computing create new vulnerabilities in our supply chain (for example, in blockchain or secure communications we rely on)? – Quantum technology might undermine certain technologies used in supply chains – for instance, blockchain systems or VPNs could be at risk if their cryptography isn’t quantum-safe. By asking this question, the board prompts management to evaluate downstream risks: If a critical supplier’s systems were compromised by quantum-enabled attacks, do we know the impact on our operations? Are we working with partners on mitigation (such as quantum-resistant blockchain protocols or Quantum Key Distribution for communications) if relevant? This ensures a holistic view of risk beyond our own walls.
  • Has the organization included quantum computing risks in its enterprise risk assessments and scenario planning exercises? – Quantum risk should be treated like other major emerging risks – identified, analyzed, and regularly reviewed at the highest levels. Boards should verify that management has formally recognized quantum threats (e.g. encryption failure, data exposure) on the risk register and is conducting “what if” scenario planning. For example, has management modeled the potential impact of a quantum-powered breach or the sudden availability of a disruptive quantum technology on our business? Proactive scenario planning now will help avoid panic later and ensure a measured, prepared response to quantum-driven events.
  • Have we designated clear ownership and accountability for quantum risk management within the executive team? – Given the cross-cutting nature of quantum (touching IT, security, strategy, etc.), the board should know who is in charge of coordinating the company’s preparations. Whether it’s the CISO, CIO, CRO or a dedicated “quantum readiness” leader, someone should be driving the effort. Asking this question prompts clarity on governance: is there a steering committee or task force for quantum risk? A named executive “quantum champion” can ensure continued focus and regular reporting to the board on progress.
  • What insurance coverage do we have for losses related to quantum computing threats, and are we meeting insurer expectations to maintain that coverage? – Cyber insurance and other policies are beginning to pay attention to quantum risks. Directors should ask if our policies would cover, say, a data breach caused by a quantum-enabled attack, and what conditions apply. Importantly, insurers and underwriters may soon require companies to implement quantum-safe controls (following frameworks like NIST’s) as a condition of coverage. The board should ensure management is engaging with insurers about this emerging risk and taking steps to remain insurable – or otherwise have a financial risk transfer plan for quantum-related losses.
  • Are we adequately funded and resourced for our quantum risk mitigation and transition projects? – Transitioning to new encryption or investing in quantum-safe technologies will require resources (budget, tools, personnel). The board oversees major expenditures and risk mitigation investments, so directors should ask if management has budgeted appropriately for quantum readiness. This might include costs for new software/hardware, external experts, training, or pilot projects. Under-resourcing this initiative could leave us dangerously exposed; conversely, well-planned investments now can prevent much larger losses later.
  • Are we aware of and preparing for new regulations or standards related to quantum cybersecurity in the regions we operate? – Governments and regulators around the world are waking up to quantum risks. For instance, financial regulators (G7 Cyber Expert Group, etc.) have encouraged firms to begin planning for quantum threats and transitions to quantum-resilient technologies. The board should ask if management is monitoring such developments and ensuring our transition plans meet or exceed forthcoming requirements. This is especially vital for sensitive sectors like finance or healthcare, where regulators started to ask for demonstrable quantum-safe measures.
  • How are we managing our legal liability and duties in light of the quantum threat? – Directors have a duty to ensure the company takes “reasonable” security measures – a standard that is evolving with technology. If we fail to upgrade our protections knowing the quantum threat is on the horizon, we could face lawsuits or regulatory penalties for negligence or non-compliance. The board should press management on whether our quantum preparedness (or lack thereof) could expose the company to privacy law violations, contract breaches (e.g. if we promised certain data security levels), or shareholder claims. In short: Are we doing enough, soon enough, to satisfy our legal obligations for cybersecurity in the quantum age?
  • Do we have a plan to update our policies, disclosures, and agreements in light of quantum computing? – As we adapt to quantum-safe practices, there may be a need to update privacy notices, security policies, and even contracts. Boards should consider whether, for example, customer or partner agreements need clauses about quantum-safe data protection, or if public disclosures (in risk factors, etc.) acknowledge the quantum risk. Proactively addressing these areas can demonstrate diligence. Moreover, if we engage in quantum-related activities (like offering a quantum-based service), have we evaluated intellectual property risks or export control laws that might apply to quantum technology? Ensuring legal preparedness across the board will help avoid surprises and keep stakeholders informed.
  • How are we aligning with government or industry initiatives on quantum security (e.g. standards, consortiums)? – Quantum computing also has a geopolitical and national security dimension, and governments are actively promoting standards and best practices. Directors might ask whether the company is participating in any industry consortiums or public-private partnerships on quantum security. Aligning our efforts with broader initiatives can not only ensure compliance but also provide support and knowledge-sharing as we navigate the quantum transition.
  • Do we have the right expertise to tackle quantum computing challenges and opportunities, and what is our plan to address any talent gaps? – There is a well-documented quantum talent shortage, meaning competition for experts in quantum science and cryptography is intense. The board should inquire how management plans to attract or develop talent in this niche. Are we hiring specialists, upskilling existing staff, or partnering with external experts or universities? Waiting too long could leave us scrambling for skills at the last minute. This question also signals that the board prioritizes having knowledgeable people in place so that quantum initiatives (or defenses) can be executed effectively.
  • How are we training our current technology and security teams for the coming transition in cryptography and systems? – Even before quantum computers are deployed, IT and security professionals need to learn new tools and techniques (for example, implementing post-quantum encryption algorithms). Boards should ask if there are training programs or resources being provided so that teams can experiment with and understand quantum-safe solutions. A smooth transition depends on people knowing what to do – if our staff isn’t prepared to deploy new encryption or handle quantum systems, technical readiness plans could falter.
  • What is our approach to educating the board and executive leadership about quantum computing risks and opportunities? – Oversight is only effective if directors understand the issue. Given the general lack of quantum risk awareness among board members reported in industry surveys, it’s prudent to close that knowledge gap. The board (perhaps through the nominating and governance committee) should ensure that it receives periodic briefings or education on quantum developments – whether via management presentations, outside experts at board meetings, or reading materials. Asking management this question may prompt scheduling a quantum deep-dive session or adding quantum updates to the board agenda. An informed board is better equipped to ask management the tough questions and support strategic decisions regarding quantum tech.
  • Are we cultivating a culture of adaptability and continuous learning in light of emerging technologies like quantum computing? – This broader question goes to organizational culture. Quantum computing is just one of several disruptive technologies on the horizon. Boards may inquire how management encourages teams to stay curious and agile – for example, are innovation teams or R&D groups exploring quantum use cases (even experimentally)? Do performance and training programs reward learning new skills? Such cultural readiness can determine whether the company can pivot and capitalize on new technology or whether it falls behind. The tone from the top (including the board’s) should emphasize that preparing for the future is part of everyone’s job, not just a one-time project.

It’s worth remembering that quantum isn’t only a looming threat – it’s also a once‑in‑a‑generation opportunity. The same technology that could crack today’s encryption might also revolutionize drug discovery, materials science, logistics, portfolio optimization, and countless other domains. Boards that focus solely on the downside risk run the parallel danger of being out‑innovated by nimbler competitors who seize quantum’s upside first. In other words, quantum belongs on the governance agenda not just under risk, but under strategy as well. Or, if you only want to look at the risks, you can frame this discussion as a critical risk of being out-innovated. In any case, exploring that opportunity side – where to place early bets, how to build talent pipelines, and when to partner or acquire, deserves its own deep dive, maybe in some other post. But, even though this post is supposed to be cyber-focused only, here are a few strategy (our “out-innovation” risk) questions you could consider:

  • What is our long-term strategy for quantum computing, and which parts of our business could benefit most from it? – Directors should elevate the discussion beyond IT and into corporate strategy. Quantum computing capability may still be maturing, but companies need to think 5–10 years ahead about its strategic impact. Asking this question urges management to articulate whether (and how) quantum appears in the company’s strategic roadmap. For example, are there business areas – logistics, drug discovery, financial modeling, material design, etc. – where quantum could provide a game-changing advantage or solution? Even if the decision is to monitor and wait, the board should ensure that decision is deliberate and that opportunities are regularly revisited as the technology progresses.
  • Have we identified critical problems or goals that current computing can’t achieve, but quantum computing might solve? – Quantum computing isn’t an end in itself; it’s a means to solve previously intractable problems. Management should be encouraged to pinpoint “moonshot” challenges or inefficiencies that, if solved, would significantly transform the business. This could be anything from vastly improved optimization of supply chains, to breakthrough AI/machine learning performance, to new product discovery. By asking this, the board prompts management to engage in creative, forward-thinking analysis: what would we do if quantum computing delivered its promise? Are we prepared to act on those breakthroughs or partner with others who can?
  • How are we tracking what our competitors and industry peers are doing in quantum computing? – The board should ensure the company isn’t blindsided by competitors leaping ahead. Quantum is an area where early movers could gain a significant edge, and those unprepared may be “left in the dust” by those who harness it. Directors might ask if management conducts competitive intelligence on quantum – for example, monitoring announcements, investments, or partnerships by industry peers. If competitors or new entrants are experimenting with quantum solutions, the board should know how our company plans to respond (or not) and why. This keeps the discussion grounded in the reality of market dynamics, not just theoretical tech.
  • Are we engaging in partnerships, research initiatives, or investments to explore quantum technology? – Few organizations can go it alone in quantum computing. Boards should inquire about the company’s external engagements: Are we collaborating with startups, universities, or consortia on quantum research and experimentation? Have we considered joint ventures or investments to keep a foot in the quantum arena? Such partnerships can provide early access to knowledge and talent, and help spread the cost and risk of innovation. A company that actively participates in the quantum ecosystem is more likely to spot emerging uses or pivot when the technology matures, whereas a company in isolation might miss the boat on critical innovations.
  • How will quantum computing (when mature) impact our existing digital transformation plans (e.g. AI, blockchain, cloud)? – Quantum isn’t happening in a vacuum – it will interact with other technologies. Boards should ask if management has evaluated whether quantum advances could accelerate, disrupt, or necessitate changes to ongoing initiatives in AI, data analytics, blockchain, and so on. For example, if quantum computing can vastly improve machine learning, are we poised to take advantage? Or if it might break certain blockchain encryption, are we avoiding over-reliance on those? By integrating quantum into our overall tech strategy, we ensure a cohesive approach. This question helps the board verify that quantum is considered in context, not as an isolated topic.

By asking these questions, the board can signal that quantum risk is a priority and get a clearer picture of where the organization stands. The answers will help identify gaps – perhaps the company hasn’t done a quantum risk assessment yet, or maybe there’s a lack of talent who understand the issue. It’s far better to surface those gaps now than to discover them after a quantum-related breach.

Conclusion

Quantum computing may sound like a futuristic concept, but its implications for cybersecurity are very real and unfolding today. Boards do not need to dive into the scientific intricacies of qubits and algorithms, but they do need to recognize that this is a strategically important risk – one that can’t be simply delegated away. It requires the same level of governance attention as other enterprise-level risks like financial compliance, geopolitical factors, or pandemic preparedness.

The comforting news is that if organizations act early, the quantum threat can be managed. Think of the proactive stance many companies took with Y2K in the late 1990s – those who started early averted disaster. Similarly here, those who begin preparing for quantum now (even while the technology is still maturing) will be in the best position to avoid chaos later. Early movers might even gain competitive advantages, by earning customer trust through their security resilience or by integrating quantum-safe technologies into their innovation roadmaps.

In the end, addressing the quantum cybersecurity threat is about preserving trust.

Photo of Marin Ivezic Marin Ivezic Follow on X Send an email July 19, 2025
22 minutes read
Photo of Marin Ivezic

Marin Ivezic

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven professional services firm dedicated to helping organizations unlock the transformative power of quantum technologies. Alongside leading its specialized service, Secure Quantum (SecureQuantum.com)—focused on quantum resilience and post-quantum cryptography—I also invest in cutting-edge quantum ventures through Quantum.Partners. Currently, I’m completing a PhD in Quantum Computing and authoring an upcoming book “Practical Quantum Resistance” (QuantumResistance.com) while regularly sharing news and insights on quantum computing and quantum security at PostQuantum.com. I’m primarily a cybersecurity and tech risk expert with more than three decades of experience, particularly in critical infrastructure cyber protection. That focus drew me into quantum computing in the early 2000s, and I’ve been captivated by its opportunities and risks ever since. So my experience in quantum tech stretches back decades, having previously founded Boston Photonics and PQ Defense where I engaged in quantum-related R&D well before the field’s mainstream emergence. Today, with quantum computing finally on the horizon, I’ve returned to a 100% focus on quantum technology and its associated risks—drawing on my quantum and AI background, decades of cybersecurity expertise, and experience overseeing major technology transformations—all to help organizations and nations safeguard themselves against quantum threats and capitalize on quantum-driven opportunities.
Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Bluesky
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap