Brief

How Businesses Can Prepare for Post-Quantum Cybersecurity Threats

Your company will soon face attackers armed with quantum technology. Will you be ready?

By Syed Ali, Frank Ford, Mark Leggate, and Alexandra Juegelt

min read

}

At a Glance

Quantum computing is advancing fast and will soon be able to break today’s encryption, putting data and systems at risk.
Most businesses are unprepared, and leadership often underestimates how soon quantum-enabled attacks could hit.
Waiting for vendors, regulators, or peers to act is risky; companies must own and lead their quantum-risk response.
A quantum-ready strategy starts with visibility into cryptographic exposure and requires urgent, coordinated action across tech, risk, and governance.

Quantum computing introduces a step-change in computational power that threatens today’s digital security foundations. Once a large-scale quantum machine is available, it can break widely used encryption methods that underpin everything from financial transactions to secure corporate communications.

Most businesses are unprepared for this change, leaving them vulnerable to quantum attacks that are no longer just theoretical or far into the future. Bain research shows that executives already anticipate this threat: About 71% expect quantum-enabled attacks within five years, and almost a third believe it could be as soon as three. Nearly 65% of business, IT, and cybersecurity leaders realize that quantum computing will have a strong adverse effect on cybersecurity risk.

Those risks are bearing down on businesses quickly: Quantum computing has made rapid progress over the past year, including significant achievements by IBM, Google, and other leaders that make quantum computing more stable, reliable, and fault-tolerant. At a certain threshold, quantum computing will be able to easily and quickly break asymmetric cryptography protocols such as Rivest-Shamir-Adelman (RSA), Diffie-Hellman (DH), and elliptic-curve cryptography (ECC) and reduce the time required, weakening symmetric cryptography such as advanced encryption standard (AES) and hashing functions (see Figure 1). Part of the solution is to implement post-quantum cryptography (PQC) standards using lattice, code, and longer hash-based schemes. Without action, quantum-powered attacks could instantly break classical cryptography, exposing decades of encrypted data and compromising real-time systems.

visualization — Quantum computing will make today’s cryptography obsolete, affecting every area of IT infrastructure

The critical differences from today’s threats are not just new methods of attack, but their scale and speed. Quantum computing will make it possible to decrypt vast archives of stolen data within hours, forge digital signatures, and break into communications channels that are deemed secure using today’s computing power. Only 11% of surveyed companies believe their existing safeguards, standards, and controls will remain within risk tolerance thresholds over the next 5 years in the face of quantum threats. Beyond these new types of attacks powered by quantum computers on current controls, terabytes of sensitive data already harvested by nation states and criminal groups over the last several years—spanning defense designs, chip architectures, energy technologies, and state secrets—will also become accessible and exploitable.

In addition to accelerating attack velocity, quantum computing will make it possible to identify and weaponize previously undiscovered or “zero-day” vulnerabilities faster, and malware will become more targeted, adaptive, and resilient. Combined with AI, quantum computing could enable sophisticated social engineering attacks at scale, multiplying the effectiveness of phishing, impersonation, and fraud. Existing defenses, built on assumptions about computational difficulty, will collapse almost overnight.

Own the risk

Bain’s research shows that only about 10% of companies have a funded, resourced roadmap, backed by leadership, to address the risks of quantum computing. Many are taking a “wait and see” approach, relying on third parties like vendors, regulators, or peers to lead the way. About a quarter of executives say they plan to depend on external partners for quantum-resistant upgrades. That’s risky for at least three big reasons:

Vendor updates will focus on their solutions within the broader enterprise technology stack. Senior tech leaders in your company will need to develop workarounds for other areas in the stack that don’t receive post-quantum cryptography updates from vendors.
Risk can’t be outsourced. Security accountability stays within the organization. Relying too heavily on vendors means exposure to their pace, priorities, and risk tolerances—which may not align with your organization’s thresholds or timing.
Compliance rests on the organization, not vendors. Regulatory pressure is rising, especially in fields like healthcare and finance. Third-party dependencies won’t shield companies from fines or litigation.

Many companies we surveyed also rely on regulatory bodies that have started to publish post-quantum cryptography transition standards and guidance. However, adopting these guidelines and solutions also isn’t enough for the following reasons:

Regulatory guidance often lags actual risk. By the time rules are in place, quantum attacks may be viable and data already exposed.
Published algorithms have already proven insecure. Recently published algorithms from standards bodies such as the National Institute of Standards and Technology (NIST) in the US may not have been mathematically decrypted yet because they haven’t faced attacks from quantum computers. However, most of the post-quantum algorithms have been compromised by practical attacks using computing power that is available today. These attacks exploit flaws in how the algorithms are implemented, designed, and deployed. That means every element of your cryptographic strategy matters: which algorithms you choose, where you deploy them—especially around your most sensitive and important assets—and how you manage the rollout.

Other companies are looking to their peers: 18% of executives expect to leverage shared frameworks and peer guidance.

Third-party input is important, but it is only part of the answer. Companies need to own the quantum computing risk and mitigation plan from the top down, starting with a thorough understanding of the current state. Only 52% of surveyed companies said they have a current and accurate understanding of the location and security posture of their sensitive data across their environments. Only 38% have a well-maintained, comprehensive inventory of cryptographic standards across their environments and visibility into how they are applied. Both are critical aspects of the first step in a comprehensive approach to becoming quantum-ready: building a full picture of cryptographic readiness.

The path forward

The good news is there’s broad agreement about what a comprehensive approach for becoming quantum-ready looks like.

Step 1. Build a full picture of cryptographic exposure across the entire environment and set out a robust roadmap that includes:

Types of cryptographic algorithms, protocols, and keys in use and their locations
Data sensitivity and shelf-life, including a map of temporal data sensitivity compared to crypto strength
Crypto elements that are vulnerable to quantum
Third-party products in use with timelines for post-quantum cryptography upgrades

Step 2. Strengthen critical cybersecurity capabilities, such as identity and access management, vulnerability management, and incident response, to withstand quantum risk. This could include reshuffling current cybersecurity transformation programs to manage the changing risk landscape (see Figure 2).

Step 3. Make sure your tech stack and vendor ecosystem are quantum-ready and crypto-agile. This means building in cryptographic flexibility, applying post-quantum hybrid-crypto approaches across crown jewel environments, embedding vendor compliance requirements, and conducting third-party product evaluations for post-quantum cryptography readiness. Only 12% of companies that Bain surveyed consistently apply quantum-readiness as a key criterion during vendor procurement and solution risk assessments.

Crypto-agility is the ability to quickly adopt and switch between cryptographic algorithms—without disrupting the infrastructure or the business applications running on top of it. A hybrid-crypto approach combines a classical algorithm (such as elliptic-curve Diffie-Hellman [ECDH]) with a post-quantum key encapsulation mechanism (such as Kyber) to create a shared symmetric key, which is then used to encrypt data (typically with AES). This layered defense ensures that even if the classical algorithm is broken by a quantum attack, the post-quantum algorithm (such as Kyber, Dilithium, or Falcon) remains resilient.

Companies should also reduce their reliance on legacy defenses like isolation and air-gapping. Physically or logically isolating systems doesn’t protect against threats like insider attacks or vulnerabilities in the supply chain.

Step 4. Modernize architecture and DevOps to enable scalable crypto-agility. This includes decoupling cryptographic logic from business logic through modular interfaces; embedding quantum-resilient controls into the software development life cycle; and upgrading apps, APIs, and microservices developed in-house.

Step 5. Update cybersecurity policies and controls to withstand quantum-era threats. Implement quantum-safe key management and cryptographic standards and deploy interim controls to mitigate risks from legacy cryptography during the transition to post-quantum cryptography.

Step 6. Integrate post-quantum risks into governance, risk, and compliance frameworks by embedding post-quantum cryptography considerations into business decision making, updating business impact assessments and risk models to reflect quantum-era threats, tracking evolving regulatory standards (for example, NIST and ISO), and establishing clear post-quantum cryptography accountability and capability investment.

Step 7. Drive organizational readiness and change enablement to support quantum resilience by continuously updating the post-quantum cryptography roadmap aligned with business priorities and changing threat landscape, delivering targeted training and awareness programs, and updating business continuity plans to address potential crypto-attack scenarios.

These measures apply not only to internal systems, but also to market-facing products, such as medical technology with embedded digital components. This means organizations need to upgrade their own hardware and software, while ensuring the products they sell are quantum-resilient, too. Only 10% of executives Bain surveyed say they have a plan in place. To date, most progress has focused on technology initiatives, leaving the more complex, cross-functional topics for later.

Still time to act

While many expect we have about 3 to 5 years before quantum security risks are real, it could easily take 5 years for many companies to identify and implement quantum-resistant solutions. It could take even longer given the scale of the problem and the complexity of identifying vulnerable systems, upgrading cryptographic infrastructure, aligning with evolving standards, and coordinating across internal teams and external partners. Organizations that are heavy with legacy infrastructure may be particularly vulnerable—and more attractive targets for attackers.

According to Bain’s research, 90% of executives say they don’t have a plan and haven’t allocated budgets or resources to start their transition. Many expect cybersecurity budgets to increase, but resources and time are already limited so any further delay will likely result in higher costs and expose businesses to existential-level cybersecurity risk. Post-quantum cryptography readiness is essential for all companies. Preparations, leadership support, and proactive planning over the coming months are essential to mitigate a very complicated risk in a short time. Boards and executives should prioritize and resource the necessary work to guard against this rising threat before it’s too late.

Glossary (click to expand)

Advanced encryption standard (AES) is a symmetric encryption algorithm that encrypts data in 128-bit blocks, with multiple rounds of processing. It’s considered highly secure and used as a global standard by governments and agencies.

Diffie-Hellman (DH) is a key-exchange protocol that lets two parties create a shared, secret key over an insecure channel for use with asymmetric encryption algorithms.

Elliptic-curve cryptography (ECC) is an asymmetric encryption algorithm based on elliptic curves that can provide strong security with shorter keys than systems like RSA.

Elliptic-curve Diffie-Hellman (ECDH) combines elliptic-curve cryptography to the Diffie-Hellman key-exchange protocol to provide equivalent security with smaller key sizes.

Hashing is a cryptographic technique used to validate data integrity. It creates a “fingerprint” of data, which can be used to verify subsequent instances of that data—useful for things like password storage or file verification.

Kyber is a cryptographic algorithm that allows two parties to establish a shared key over an insecure channel, designed to function in a post-quantum environment.

Lattice-based structures, code-based encryption, and longer hash-based cryptography are all methods to build resistance to quantum computers.

Rivest-Shamir-Adelman (RSA) is an asymmetric encryption protocol used for secure data transmission and digital signatures, among other uses. Its security rests on the difficulty of factoring two large prime numbers used to create a public key.

Symmetric and asymmetric encryption. Symmetric encryption uses a shared key for both encryption and decryption. It’s faster but considered less secure than asymmetric encryption, which uses a public key for encryption and a private key for decryption. Asymmetric is considered more secure, but it’s still vulnerable to future quantum computing attacks.