About usPower of DataOur Future WorkforceFuture of DefenceTalent Economy
Opportunities in STEMIndustrial strategyBusiness TravelResponsible BusinessRetail & E-Commerce
Artificial IntelligenceRenewable FuturesTaxFintechCybersecurity & Cloud Computing
PropertySmart CitiesProject managementEducationAerospace
Future of TaxCareers in Tech & EngineeringFuture of workSupporting SMEsSport
Business ResilienceNational Inclusion WeekEmployee WellbeingSTEMFinance
Entrepreneurs & SMEsGaming & EsportsClient survey
Home » Power of Data » Prepare for the quantum threat: why data protection must start now
Power of Data 2025

Prepare for the quantum threat: why data protection must start now

Abstract Fingerprint Biometric Technology Digital Art Futuristic Neon Pink Blue Light Scan Security Identity Authentication System Modern Design Background Image data wave hand
Abstract Fingerprint Biometric Technology Digital Art Futuristic Neon Pink Blue Light Scan Security Identity Authentication System Modern Design Background Image data wave hand

Jon France

CISO, ISC2

    Quantum computing is on more organisations’ radars, but many still see it as a future issue. The real threat, however, is already emerging.

    Adversaries are actively harvesting encrypted data now, with plans to decrypt it once quantum technology reaches scale. It’s a tactic known as ‘harvest now, decrypt later,’ and it poses a significant risk to sensitive data across all sectors — not just governments or critical infrastructure. 

    A gap in awareness and readiness

    Despite this, ISC2’s 2024 Workforce Study showed that only 36% of cybersecurity professionals believe quantum computing will negatively impact organisational security. That signals a worrying gap in readiness and investment, especially as NIST has now formalised post-quantum cryptography (PQC) standards and the UK’s NCSC has targeted 2035 as a transition deadline.  

    Many organisations still see the shift to quantum-safe cryptography as a niche or long-term concern, only for governments or tech giants. In reality, every organisation handling sensitive data must begin mapping its cryptographic dependencies and building crypto-agility — the ability to pivot to new encryption standards as they evolve. This is especially urgent in areas like IoT and embedded devices, where upgrades can be complex and time-consuming. 

    This isn’t happening in isolation. As AI continues to generate real-world security threats, from deepfakes to automated attacks, quantum introduces a parallel risk, undermining the fundamental building blocks of digital trust. The challenge isn’t choosing which to prioritise; it’s recognising that both require immediate attention. 

    If we wait for quantum to become
    mainstream, we’ll already be behind.

    Building crypto-agility and quantum resilience

    What should organisations do? First, assess where and how encryption is used across your infrastructure. Second, prioritise systems that will be hardest to update, especially IoT and embedded devices. Third, invest in your people. Upskilling cybersecurity teams and nurturing the next generation of talent is essential to long-term quantum resilience. 

    Our ISC2 Quantum Transition Task Force is developing strategic guidance to help cybersecurity professionals and organisations prepare for this shift. That includes practical insights into achieving crypto-agility and protecting long-term data confidentiality. 

    If we wait for quantum to become mainstream, we’ll already be behind. The groundwork must begin now to avoid greater consequences later. 

    Author
    Jon France
    Share Share
    Topics
    Power of Data 2025
    Next article