The era of post-quantum computing is approaching faster than expected. Businesses need to act now.
Many businesses face being exposed to serious cyber threats because quantum computing is set to arrive far more quickly than expected.
The threat quantum computers pose to asymmetric encryption has been known about since 1994 when Peter Shor developed Shor’s algorithm.
But given the immense compute power required, it’s long been seen as a challenge for another day.
Fast forward thirty years, and the age of quantum computing is approaching fast.
With first-movers already actively experimenting, PwC estimates it could be as little as five years before adoption begins to ramp up more broadly.[1]
However, with quantum processing power potentially quadrupling every year, the timeline for quantum rollout could shrink further.[2]
Anton Tkachov, Managing Director and Cybersecurity Transformation Lead at PwC UK, states: “We once believed the post-quantum era was a generation away. Today, it’s five years off; it may be even closer next year.”
The quantum encryption threat
As quantum computing advances, today’s asymmetric encryption will in time become obsolete and cannot be protected by just continuing to increase the key length.
Since cryptography underpins much of today’s digital infrastructure, this shift poses a serious threat.
“Cryptography underpins both – security of data at rest and authentication,” says Tkachov. “In the post-quantum era, both will be vulnerable.”
It’s not just future breaches that organisations need to worry about.
“Encrypted data stolen today is still safe—for now,” warns Tkachov. “But once quantum machines arrive, attackers will be able to crack that encryption, exposing sensitive information, intellectual property, and eroding customer trust.”
Data, such as mortgage approvals and medical records still hold huge value to bad actors, even years after it was first collected.
Knowing this, threat actors can stockpile stolen data and plan to unlock it the moment quantum technology catches up.
Barriers to modernising cryptography
In the face of this threat, organisations must start transforming their approach to cryptography.
“We know cryptography modernisation takes time,” explains Clinton Firth, Partner, Cybersecurity, PwC Middle East. “When the Data Encryption Standard (DES) was broken in 1997, it took many businesses nearly a decade to fully transition to the Advanced Encryption Standard (AES). This time, they don’t have such time to spare.”
Organisations face several critical challenges in preparing for the post-quantum era.
For example, recruiting talent is difficult due to the skillset required while implementing quantum-safe technologies. Having to rely on multiple vendors for quantum-ready technologies is another complicating factor.
Building quantum resilience
According to PwC, raising awareness of the quantum threat is the first step towards remediation.
“CISOs need to recognise that this is a real and immediate risk—not a problem for tomorrow. This needs to be clearly understood, elevated to the risk management function, and placed on the board’s radar and the organisation’s risk register,” says Firth.
From there, PwC recommends that organisations take the following actions:
- Appoint a quantum resilience officer to lead the post-quantum transformation. This role should drive capability development, engage with regulators, and champion the organisation’s encryption strategy.
- Revamp procurement processes to clearly define encryption requirements for all third-party vendors and partners.
- Develop a cryptographic inventory to map out the types, volumes, and locations of cryptographic algorithms in use. This baseline is essential for assessing risk and building a strategic transition roadmap.
- Analyse historical data loss to evaluate the potential future risk posed by compromised datasets in a post-quantum world.
These immediate priorities will help organisations build a foundation for the post-quantum world, with agility at its core.
Tkachov explains: “In the age of quantum computing, enterprises must be ready for a landscape where cryptographic algorithms may be broken repeatedly. The goal should be crypto agility—the ability to quickly adapt and transition to new encryption methods as threats evolve and standards emerge.”
To learn more about how organisations can prepare for the post-quantum world, register for PwC’s new webinar here.
To find out more about Clinton Firth, click here.
To find out more about Anton Tkachov, click here.
To learn more visit us here
This is for general information purposes only.
2025 PwC. All rights reserved
[1] PwC, “Quantum computing: is our data still safe?” January 2025 https://www.pwc.nl/en/topics/blogs/quantum-computing-is-our-data-still-safe.html
[2] Neven’s Law suggests that quantum computers are improving at a “doubly exponential” rate relative to classical computers. See: “A New Law to Describe Quantum Computing’s Rise?”
