Research highlights that quantum could unlock breakthroughs in industries like finance, pharmaceuticals, and logistics. Fujitsu has even demonstrated in smaller-scale quantum systems that they can overcome traditional encryption, underscoring that the shift is already underway.
Despite the promise of quantum computing, it remains absent from Gartner’s Top Strategic Technology Trends for 2024. As Bart Willemsen, Gartner VP Analyst, notes, “The immediate response to quantum computing is not expected to be very actionable in 2024-2025 or the immediate years after.”
However, this perceived delay is a double-edged sword. While the technology may not be widely deployed yet, the threat it poses—especially to our current encryption standards—is imminent. CISOs must act now to avoid being blindsided when quantum capabilities become fully realized.
Getting ahead of the quantum shift
Quantum computers that can break encryption aren’t here yet, but research is moving fast. Some companies, like Chrome, are already preparing by adopting Post-Quantum Cryptography (PQC) standards, such as OpenSSL version 1.3. However, the broader infrastructure—like PQC certificates from Certificate Authorities—is still catching up.
The smart move now is to focus on “quantum agility.” This means being ready to adapt quickly by knowing where your cryptography is used, building hybrid solutions that manage both classical and quantum threats, and staying on top of new developments. Step one? Get a clear view of where and how cryptography supports your systems. Without that foundation, it’s impossible to future-proof your security against what’s coming.
No dominant design yet: a race against time
The quantum landscape is fragmented, with competing models like superconducting, photonic, neutral atoms, and trapped ions technologies. Providers are racing to establish their designs as industry standards, but there is no time to wait for a clear winner. The threat quantum poses to encryption is so severe that waiting for a dominant design is a gamble no CISO can afford. The transition to quantum-safe encryption is not a choice but a necessity—and it needs to start now.
The urgency of post-quantum cryptography (PQC)
The European Parliament has already been warned: public key encryption as we know it will be broken when quantum computing reaches its potential. Transitioning to new cryptographic standards has historically taken over a decade—time we no longer have. The National Institute of Standards and Technology (NIST) has approved several PQC standards, but even with this progress, the risks loom large. Quantum technology is no longer a distant threat; CISOs must act swiftly to safeguard their organizations.
Quantum’s rise in the Netherlands: leading the way
In 2019, the Dutch government took a bold step with the National Agenda on Quantum Technologies, committing to substantial investments in research, ecosystem development, and education. This initiative aims to position the Netherlands as a global quantum leader. For businesses, this isn’t just an abstract ambition—it’s a clear signal that quantum technology is on the verge of reshaping industries.
Quantum’s transformative power lies in its ability to solve problems that were previously out of reach. From optimizing supply chains and revolutionizing materials science to advancing drug discovery, quantum computing promises breakthroughs that can redefine business strategies. However, the urgency goes beyond opportunities; quantum computing also poses serious challenges, especially to encryption and cybersecurity.
Organizations operating in the Netherlands are uniquely positioned to leverage the country’s leadership in quantum innovation. By preparing for quantum’s impact—starting with crypto agility and post-quantum cryptography—they can not only protect themselves against future threats but also gain a competitive edge in harnessing quantum’s potential for growth and transformation.
The question is no longer if quantum will impact your business but how prepared you are to seize its benefits while mitigating its risks.
Take the lead before it’s too late
Schuberg Philis has strengthened its position as a pioneer in quantum technology by developing the second and third practical quantum prototypes in the Netherlands. Collaborating with the Ministry of Finance and Leiden University, these groundbreaking efforts demonstrate how businesses can take quantum advancements from concept to reality.
But progress in prototypes is just the beginning. The real challenge lies in preparing for quantum’s disruptive potential—especially its impact on encryption, which underpins the security of sensitive business and government data. Current encryption methods will become vulnerable, requiring immediate action to adopt quantum-safe solutions.
Our leadership in quantum innovation positions it to not only build but also secure the future. By focusing on quantum agility now, businesses can protect their operations and leverage quantum technology as a transformative force rather than a looming threat. The opportunity is clear: lead with action, or risk falling behind.
Quantum security must start today
To survive the quantum disruption, CISOs should act now and prepare for future transitions.
Immediate Actions:
1. Conduct a comprehensive audit of cryptographic assets: Conduct a comprehensive audit of cryptographic assets: Start by identifying all areas across the organization where encryption is used. Knowing exactly where encryption is applied and understanding its dependencies is crucial for a smooth and agile transition to quantum-resistant protocols. Additionally, ensure that Post-Quantum Cryptography (PQC) is on the agenda of your IT supply chain and incorporated into tenders to guarantee alignment with future-proof security standards.
2. Prioritize long-term data protection: Identify sensitive data requiring confidentiality or digital integrity over the next 5-10 years. Prioritizing this data ensures that critical information remains secure and trustworthy, even as encryption standards evolve.
3. Ensure these actions are durable: the actions presented are not one-offs but need to become part of regular change process to ready your organization when sudden implementation is required.
Future Preparations:
4. Implement post-quantum solutions and hybrid models: Prepare for the future by adopting hybrid models that facilitate a gradual transition. This means ensuring that hardware and software can seamlessly handle PQC as it becomes available at scale. Building crypto agility now will minimize disruptions as quantum capabilities mature. Furthermore, crypto agility in suppliers should be a hard requirement in XaaS assessments and procurement conditions to ensure your supply chain is equally prepared for the quantum shift.
The responsibility lies with every CISO to assess their own landscape and begin preparing today. Waiting until Q-day, the day when quantum computing advances to the point that it can break the encryption methods, is not an option. CISOs need to move now to ensure their systems are ready for a world where quantum computers are a reality.
Re-defining data integrity: immutable backups as a quantum-resilient solution
Current discussions often emphasize encryption’s confidentiality aspect, but data integrity is equally critical. Quantum’s threat to digital signatures means organizations must re-evaluate their approach to maintaining data authenticity. We propose a forward-thinking solution: immutable backups. Unlike traditional methods, immutable backups ensure that data remains unchanged from the point of storage, providing an unalterable chain of custody.
This method guarantees data integrity, even when currently used digital signatures lose their reliability post-quantum. By leveraging immutable storage, organizations can ensure their data remains authentic, offering a legal and compliance-proof solution that safeguards their operations. This is not just a recommendation; it’s an urgent necessity.
Act now
The quantum era will redefine the cybersecurity landscape in ways that can’t be ignored. The timeline to act is shrinking, and those who delay will face severe consequences. Quantum technology is rapidly approaching mainstream capability, and current encryption methods will not withstand its power. CISOs must shift focus, initiate PQC migration preparations, and invest in hardware, software, and partnerships to secure their organizations before quantum capabilities fully materialize.
Prepare for a smooth transition
While planning for a gradual and controlled transition to quantum-resistant protocols is essential, organizations must also prepare for abrupt, incident-driven change. The sudden collapse of trust in security systems, as seen in the Diginotar breach, is a stark reminder of how quickly a cybersecurity incident can spiral into a crisis. The lessons from Diginotar emphasize the importance of not just proactive planning but also robust contingency measures to handle worst-case scenarios. Quantum threats could trigger similar disruptions if not adequately prepared for, making crypto agility and incident response capabilities critical components of any strategy.