Quantum might seem like a buzzword, but it already has some real-life implications for many fields and industries. The latest developments in the application of quantum mechanics, specifically when used in creating quantum computers, should enable organizations to speed up complicated mathematical processes often used within research and development, data science, and other fields requiring large computing power. However, these advances in computational capability will threaten cryptographic algorithms which rely on mathematical complexity as the bedrock of their security. This means that some forms of cryptography like public-key cryptography will likely be cracked with quantum computers. This means organizations need to rethink how they use cryptography so that online transactions, secure messaging, and digital signatures stay safe in the future.

Although this might seem like a relatively straightforward issue, it is not. Not only does the transition to quantum-safe cryptography (also called Post-Quantum Cryptography, PQC) take years, scientists are not sure when quantum computers will be powerful and stable enough to crack public-key cryptography. This leads to a dilemma for leaders responsible for cybersecurity: should I invest now in a threat that has not yet materialized? Exacerbating this ambiguity on timing is the fact that attackers today are already harvesting data with a view to being able to decrypt it at a later date when quantum computers are sufficiently mature – in so-called “Harvest-now, Decrypt-later” attacks.

Together with the World Economic Forum, we take a look at the threat of quantum computers to cybersecurity with business leaders, policymakers, NGOs (non-governmental organization), regulators, and academics. Many organizations indicated that more guidance is needed on "how and when" they need to act. At the same time, organizations can start preparing for the quantum threat by:

• creating awareness, and educating senior leaders on the quantum threat before it fully materializes so that updates to cryptography are not done in a reactive mode
• developing an initial strategy and roadmap, including considerations for various solutions and technologies, including crypto-agile solutions, that permit quick interchanges of cryptographic algorithms
• ensuring executive buy-in before the threat materializes
• leveraging hybrid solutions, where having the security of classical solutions is layered with novel post-quantum technologies

This report calls for business leaders, policymakers, NGOs, academics, and regulators to consider today how the quantum threat might not only affect them, but also their ecosystem and industry. Cooperating across organizations might boost readiness for the quantum threat and help mitigate third-party risk.