Introduction
The advent of quantum computing poses significant challenges to current encryption methods, with many organizations unprepared for the potential threats. Despite the urgency [4], a majority of IT professionals have not yet developed strategies to counteract these risks. This document explores the current state of preparedness, the potential impacts of quantum computing on cybersecurity [6], and the steps being taken to mitigate these threats.
Description
Most organizations lack a defined strategy to defend against quantum-enabled threats [1] [2], with only 4% of IT professionals reporting such a strategy in place and just 3% considering quantum computing a high business priority [1] [2]. Alarmingly, over half (59%) of respondents have taken no steps to prepare for the implications of quantum computing, which experts warn could compromise current encryption protocols like RSA and AES [1] [2], exposing sensitive data and systems to significant risks. A substantial 62% of European IT professionals express concerns that quantum computing could undermine internet encryption, jeopardizing the confidentiality of sensitive data [6], financial transactions [5] [6], medical records [6], and government systems [6]. Additionally, 56% are worried about the practice of “harvest now [3], decrypt later,” where cybercriminals collect encrypted data now to decrypt later when quantum computing becomes viable [3]. Furthermore, 67% of professionals believe that quantum advancements may increase or shift cybersecurity risks in the next decade, with 40% fearing disruptions to existing business models [7]. A striking 57% anticipate new business risks arising from the advent of quantum technology, and 52% expect changes in skill requirements due to its impact.
In response to these threats, the National Institute of Standards and Technology (NIST) has released its first set of post-quantum cryptographic standards [5], which include three algorithms designed to provide quantum-resistant solutions [2], such as digital signatures and key-encapsulation mechanisms [2]. Organizations are advised to proactively plan for a post-quantum world by educating stakeholders on the associated risks, assessing vulnerabilities [2], transitioning to quantum-resistant encryption [2], and upgrading their digital infrastructure. Predictions indicate that quantum technology could mature to break current encryption within seven to 15 years [2], aligning with the 61% of European respondents who foresee a similar timeline [2].
Despite the urgency, 40% of cyber and IT professionals report that their organizations have not considered implementing post-quantum cryptography [4] [7], indicating a pressing need for organizations to assess their capabilities in this area. While 25% believe that the transformative potential of quantum computing will be realized within the next five years [3], and 39% anticipate it will occur in six to ten years [3], a significant 30% of cyber and IT professionals lack a solid understanding of quantum computing capabilities [3], highlighting the need for upskilling and education in the workforce [3].
To counter the threats posed by quantum computing to current encryption methods [4], solutions such as Quantum Key Distribution (QKD) are being explored [4]. This technology generates keys resistant to quantum decryption [4], with companies like Single Quantum and Toshiba developing it for fiber optic connections [4]. However, there is no consensus on the most effective approach [4], as some organizations advocate for alternative methods that may be more cost-effective and widely applicable [4]. The G7 Cyber Expert Group [5], led by the US Department of the Treasury and the Bank of England [5], is advising financial authorities to take proactive measures against quantum risks [5], encouraging organizations to plan for a phased migration of their IT infrastructure to ensure data security in a post-quantum era [5].
Ramses Gallego [1], ISACA Barcelona Chapter President [1], emphasized the potential for a world with no secrets and no barriers or borders [1], while Chris Dimitriadis [4] [7], Chief Global Strategy Officer at ISACA [4] [7], stresses the necessity for organizations to proactively plan for a post-quantum world and to develop a workforce skilled in both quantum technologies and AI [4] [7]. Recent collaborations and developments in quantum technology in Europe [4], including significant investments like the Spanish Government’s Quantum Strategy [6], indicate a growing interest [4], but the urgency remains for organizations to respond adequately to the potential quantum threat [4]. The inevitability of “Q-day,” when quantum computers can break current encryption [6], underscores the critical need for organizations to prioritize quantum threat preparedness while also recognizing the potential business opportunities that quantum computing may present.
Conclusion
The potential impact of quantum computing on current encryption methods is profound, necessitating immediate action from organizations worldwide. Mitigation strategies, such as adopting post-quantum cryptographic standards and exploring technologies like Quantum Key Distribution, are essential [5] [6] [7]. As the timeline for quantum advancements becomes clearer, organizations must prioritize education and upskilling to prepare for the changes ahead. The proactive measures taken today will determine the resilience of data security in the quantum era, highlighting the dual nature of quantum computing as both a threat and an opportunity for innovation.
References
[1] https://www.infosecurity-magazine.com/news/isaca-lack-quantum-threat/
[2] https://ciso2ciso.com/isaca-highlights-critical-lack-of-quantum-threat-mitigation-strategies-source-www-infosecurity-magazine-com/
[3] https://www.financialcontent.com/article/bizwire-2025-4-28-despite-rising-concerns-95-of-organizations-lack-a-quantum-computing-roadmap-isaca-finds
[4] https://www.techzine.eu/news/infrastructure/130894/european-it-professionals-fear-impact-of-quantum-computing-on-cybersecurity/
[5] https://www.csoonline.com/article/3609168/11-biggest-financial-sector-cybersecurity-threats.html
[6] https://www.networkworld.com/article/3971057/ramses-gallego-isaca-there-is-a-significant-lack-of-quantum-literacy.html
[7] https://www.finanznachrichten.de/nachrichten-2025-04/65230962-isaca-quantum-computing-s-rapid-rise-is-a-risk-to-cybersecurity-and-business-stability-but-organisations-are-unprepared-004.htm
