Quantum Computing: Securing the Future Now

November 2025, Daryl Flack, Partner

Published on: teiss

Quantum computing is slowly beginning to register on the radar of some organisations, particularly those operating in critical national infrastructure (CNI). More broadly, however, awareness across industries remains patchy. Many firms are still in the very early stages of understanding the quantum risk, and many others are not engaged at all.

For years, cryptography has been one of the most stable elements of digital infrastructure. The algorithms protecting our communications, financial transactions, and personal data have changed little over the past two decades. This long period of crypto-stability has bred complacency. Organisations have come to assume that encryption “just works”, that vendors will take care of it, or that it is an issue for the future. But the threat from quantum computing is not a distant concern. It is already materialising in ways that demand attention today.

Long-life and confidential data: the real point of exposure

When we talk about the quantum threat, it’s easy to picture a futuristic risk: an ultra-powerful computer suddenly rendering all encryption obsolete overnight. The reality is more nuanced and more immediate. The most immediate danger lies in long-life and confidential data: information that must remain confidential and verifiable for decades to come.

Legal records, genomic data, state secrets, medical research, and sensitive corporate archives all fall into this category. These are not transient data sets. They underpin justice systems, scientific progress, and national security. If they are ever decrypted or compromised, the damage may be irreparable.

Adversaries know this. Many are already pursuing “harvest now, decrypt later” strategies, stealing encrypted information today with the expectation that it can be decrypted once quantum capabilities mature. When that happens, decades of confidential material could suddenly be exposed. The long-term nature of this risk means that the clock for protecting such data has already started ticking.

Organisations that rely on encryption to safeguard data with long retention or enduring value cannot afford to wait to protect their confidential data assets. The data being created and stored now must be protected from malicious exfiltration. Otherwise, vast troves of information that we thought were secure will be able to be accessed once a quantum relevant computer becomes available.

A false sense of crypto-stability

The world of cryptography has changed little for years, and that stability has created a false sense of security. The transition to quantum-safe algorithms represents a once-in-a-generation shift, one that few organisations are prepared for.

Cryptography is woven deep into every layer of modern systems: applications, operating systems, network protocols, Internet of Things (IoT) devices, and operational technology (OT) environments. Many organisations have limited visibility into where and how cryptographic mechanisms are used across their estate. Some rely on outdated or undocumented implementations, which makes discovery and transition particularly complex.

The National Cyber Security Centre (NCSC) has provided a clear roadmap for action. By 2028, organisations should have completed discovery and planning, understanding where cryptography is used and setting migration goals. By 2031, priority systems should begin migrating to post-quantum solutions. By 2035, full migration must be complete.

Those dates may seem like far away, but given the complexity of identifying cryptographic dependencies across legacy systems and the challenge of replacing them with quantum resistant ones, the planning and implementation window in complex systems could take many years to achieve. The sooner organisations begin, the better positioned they will be when quantum computing reaches maturity.

Shouldering and sharing responsibility

There is a widespread assumption that major technology vendors will handle the post-quantum transition on behalf of their customers. While vendors will undoubtedly play an important role, responsibility for cryptographic resilience must lie with each individual organisation.

The risks from quantum computing are not confined to specific technologies or suppliers. They extend to every point where encryption underpins trust - from secure communications to digital signatures and identity verification. Organisations that take a passive stance, waiting for external solutions, will find themselves constrained by dependency, complexity, and timing.

The prudent approach is to begin internal discovery and planning now, aligning technical, legal, and operational priorities around the protection of long-life or confidential data. Migration to post-quantum cryptography will not be a single event but an ongoing process, requiring crypto-agility, the ability to switch algorithms and standards without re-engineering entire systems.

Balancing innovation and risk

Quantum computing, particularly when combined with AI, will transform industries ranging from finance and logistics to healthcare and climate science. It will solve optimisation problems that have long been beyond the reach of classical systems, driving smarter cities, sustainable energy grids, and breakthroughs in drug discovery.

But like all transformative technologies, quantum computing is a double-edged sword. The same capabilities that will revolutionise data processing will also enable attackers to break the cryptographic systems that have secured the digital economy for decades. Quantum decryption of today’s data crown jewels would undermine everything from privacy and intellectual property protection to the integrity of state communications.

For this reason, the protection of long-life and confidential data must be elevated from a technical challenge to a strategic imperative. It is not just about maintaining compliance or avoiding disruption. It is about preserving the confidentiality, authenticity, and trustworthiness of information that societies depend on for stability.

Start the discovery phase

Every organisation should begin with discovery: understanding where cryptography exists within systems, applications, and data flows. This requires engagement across security, legal, and IT teams to map dependencies and classify data by sensitivity and lifespan.

From there, the focus must turn to prioritisation. Long-life and confidential data, whether that is health records, court documents, or scientific research, must be identified and protected using algorithms designed to withstand future quantum attacks. Systems should be designed to be crypto-agile, allowing for adaptation as standards evolve.

Finally, planning must extend beyond technology. Leadership engagement, investment planning, and policy alignment are critical. Quantum resilience must be embedded into enterprise risk management, rather than treated as an isolated security project.

Decisive action for resilience

Quantum computing is not an abstract or distant risk. The countdown to quantum has already begun. The NCSC’s timeline provides clarity, but it also sets a clear expectation for full adoption by 2035. Those that wait may find that the data they most need to protect, the long-life and confidential records underpinning law, science, and national security, are already exposed to future decryption.

The post-quantum era will not arrive overnight, but when it does, the transition will be unforgiving. Acting now decisively will carry your organisation with trust and resilience into the quantum future.