Quantum Countdown: Why Post-Quantum Cryptography Must Become a Global Priority

As the race toward building quantum computers accelerates, cybersecurity leaders are sounding the alarm: the time to prepare for a post-quantum world is now. With the potential to break today’s most trusted encryption methods, cryptographically relevant quantum computers (CRQCs) pose a seismic threat to secure communications, financial data, and the foundations of global digital infrastructure. Yet, alarmingly, many organizations still aren’t treating the issue with the urgency it demands.

At the Infosecurity Europe conference, experts urged companies and governments to shift gears and act decisively. The panel underscored one essential truth: the quantum threat isn’t science fiction anymore. It’s a looming reality, and those who fail to transition to post-quantum cryptography (PQC) could be left dangerously exposed.

Quantum Threat: The Urgent Call for Post-Quantum Security (Summary)

During Day One of the Infosecurity Europe conference, experts gathered to address the escalating risks posed by cryptographically relevant quantum computers (CRQCs). These advanced systems, once realized, will be capable of breaking the asymmetric encryption techniques that currently secure our digital infrastructure. The panelists emphasized that this is not an insurmountable threat — but that many organizations, especially those relying on vulnerable supply chains, are far behind where they should be.

Karl Holmqvist, CEO of Lastwall, warned that long-duration secrets — sensitive data that must be protected for years — are particularly at risk. He noted with concern that many companies still adopt a “deal with it later” attitude, which is dangerous considering the irreversible damage quantum decryption could cause.

Santander’s Dan Cuthbert urged CISOs to start pressing vendors about their PQC readiness. He emphasized the importance of demanding clear roadmaps and pushing suppliers to carry the financial weight of the transition. Holmqvist extended this argument, recommending that clients request Cryptographic Bills of Materials (CBOMs) from their vendors to gain full transparency into the encryption tools embedded in software products.

IBM’s Anne Leslie highlighted how some competitors are now collaborating to share knowledge and strategies, stressing that this collective action can help bridge knowledge gaps. She also suggested that regulations like NIS2 and DORA could become essential allies in pushing board-level prioritization for crypto-hardening efforts.

As for first steps, Holmqvist advised companies to identify and prioritize their most critical data assets — the so-called corporate “crown jewels.” After that, a thorough audit of current cryptographic practices and vendor systems should follow. Cuthbert emphasized the need to analyze data flows and use CBOMs to map and future-proof encryption measures across the organization.

What Undercode Say:

The rising concern about quantum computing isn’t just theoretical anymore — it’s a practical, imminent threat with very real consequences. Asymmetric encryption, which underpins everything from online banking to classified military communications, may not survive the quantum leap.

What’s striking in this panel is the convergence of urgency from different sectors — banking, software, infrastructure, and cloud services. The quantum computing threat challenges not just the encryption layer, but the entire philosophy of long-term data security. As Holmqvist pointed out, this isn’t just about reacting quickly once quantum computers emerge. It’s about preparing now to protect data that needs to remain secure for decades.

One overlooked but critical aspect is supply chain vulnerability. Organizations often rely on third-party vendors for essential services, but these vendors might not be prepared for a post-quantum world. Without transparency into their cryptographic strategies — via tools like CBOMs — businesses are exposing themselves to avoidable risks. CISOs need to shift their procurement standards, making PQC-readiness a minimum requirement, not a bonus feature.

The role of regulations like NIS2 and DORA is also worth underlining. These frameworks are not just about compliance — they’re about resilience. They empower CISOs to make the business case for investment in cryptographic infrastructure, especially in boardrooms that may otherwise see PQC as a non-urgent cost.

However, preparedness must go beyond audits and vendor questionnaires. It requires cultural change, where encryption strategies are proactive, transparent, and prioritized. This means involving legal, compliance, IT, and executive leadership in building a unified roadmap for the post-quantum future.

Another powerful takeaway is the notion of shared knowledge. In an era of increasingly sophisticated cyber threats, collaboration — even between competitors — may be our strongest defense. Sector-based working groups, standardization efforts, and mutual support channels could prove pivotal in accelerating PQC adoption.

Ultimately, the quantum clock is ticking. Organizations that take early, strategic action will have a substantial security advantage. Those that delay risk more than just data breaches — they could face total operational disruption in a post-quantum breach scenario.

Fact Checker Results ✅

Quantum computers will eventually be capable of breaking RSA and ECC encryption.
NIS2 and DORA do include ongoing cryptography requirements for regulated entities.
CBOMs are a valid and increasingly recommended practice for crypto transparency 🧠🔐🕵️

Prediction 🔮

By 2027, at least 40% of large enterprises will have implemented post-quantum cryptography in mission-critical systems, driven by both regulatory pressure and market demand. Vendors lacking a clear PQC roadmap will face growing customer scrutiny, leading to widespread adoption of CBOMs as a new industry standard. As the first practical quantum machines emerge within the next decade, those who delay will scramble to retrofit security — often too late to avoid fallout.