Quantum might seem like a buzzword, but it already has some real-life implications for many fields and industries. The latest developments in the application of quantum mechanics, specifically when used in creating quantum computers, should enable organisations to speed up complicated mathematical processes often used within research and development, data science and other fields requiring large computing power. However, these advances in computational capability will threaten cryptographic algorithms which rely on mathematical complexity as the bedrock of their security. This means that some forms of cryptography like public-key cryptography will likely be cracked with quantum computers. This means organisations need to rethink how they use cryptography so that online transactions, secure messaging and digital signatures stay safe in the future.

Although this might seem like a relatively straightforward issue, it is not. Not only does the transition to quantum-safe cryptography (also called Post-Quantum Cryptography, PQC) take years, scientists are not sure when quantum computers will be powerful and stable enough to crack public-key cryptography. This leads to a dilemma for leaders responsible for cybersecurity: should I invest now in a threat that has not yet materialised? Exacerbating this ambiguity on timing is the fact that attackers today are already harvesting data with a view to being able to decrypt it at a later date when quantum computers are sufficiently mature – in so-called “Harvest-now, Decrypt-later” attacks.

Together with the World Economic Forum, we take a look at the threat of quantum computers to cybersecurity with business leaders, policymakers, NGOs (non-governmental organisation), regulators and academics. Many organisations indicated that more guidance is needed on "how and when" they need to act. At the same time, organisations can start preparing for the quantum threat by:

• creating awareness and educating senior leaders on the quantum threat before it fully materialises so that updates to cryptography are not done in a reactive mode
• developing an initial strategy and roadmap, including considerations for various solutions and technologies, including crypto-agile solutions, that permit quick interchanges of cryptographic algorithms
• ensuring executive buy-in before the threat materialises
• leveraging hybrid solutions, where having the security of classical solutions is layered with novel post-quantum technologies

This report calls for business leaders, policymakers, NGOs, academics and regulators to consider today how the quantum threat might not only affect them, but also their ecosystem and industry. Cooperating across organisations might boost readiness for the quantum threat and help mitigate third-party risk.