Quantum Quake Incoming? Leaders React to Forrester’s Encryption Warning
Forrester Research just unleashed a wake-up call: “Believe the hype about Quantum Security!”
Quantum computing is barreling toward us, threatening to obliterate today’s encryption systems with unprecedented power.
But are tech and business leaders as rattled as Forrester claims, or is this quantum storm still years away?
We went all-in, interrogating top tech visionaries, C-suite titans, and industry trailblazers for their unfiltered takes.
Do they see an urgent need to act now, or is the timeline overhyped?
From blockchain pioneers to cybersecurity gurus, their candid insights—backed by Forrester’s 2024 report highlighting quantum’s experimental but disruptive potential—map out a bold strategy for navigating the chaotic quantum security frontier.
Read on!
Patrick Scully
Data and network security in a quantum era should definitely be top of mind for C-suite executives across all industry segments, from financials, health care, manufacturing, power generation and distribution to all levels of government agencies.
The “Harvest Now, Decrypt Later” threat mentioned in the report and the inherent risks it poses when considering the Mosca Inequality Theorem as described in the annual Quantum Threat Timeline Report 2024 should create a sense of urgency to map out the threat to any organization and define and implement an action plan to mitigate that threat.
That same report also loosely aligns with the higher end of the Forrester report for the availability of a quantum computer capable of breaking today’s classical key exchange and digital signature algorithms, i.e. around 10 years, as assessed by a group of 32 global experts from academia and industry. In contrast, the Swiss Financial Innovation Desk (FIND) published a report in March indicating the threat could come as soon as 2028, a mere three years away.
No matter the timeline one chooses to believe, three years or 10 years, the Mosca Inequality indicates that today’s encrypted data is already at risk when considering the shelf life of information transiting across global networks, be it personal information, financial data or even more critical information related to national security.
Another factor to understand is that often these predictions are based on a specific definition for quantum computers capable of breaking those classical algorithms, i.e. a Cryptographically-Relevant Quantum Computer (QRQC). The definition used in the Quantum Threat Timeline Report is “a quantum computer able to break RSA-2048 in 24 hours.”
But what if that 24-hour definition was only arbitrary? Certainly, speed is an important factor. Today’s classical cryptography algorithm’s security is based on the fact it would require hundreds or thousands of years, if not more, to be compromised. However, what if a quantum computer could break RSA not in 24 hours but perhaps in 72 hours, or even a week? And what would that timeline be? Very likely much earlier than the above predictions.
Considering the above, it is imperative for leaders and executives across all types of organizations to start evaluating their risks and implementing mitigation strategies as soon as possible, as sensitive data is already at risk.
In my opinion, a defense-in-depth strategy to mitigate those threats and protect critical information should consider not a single technology solution but rather a comprehensive Quantum-safe approach to data and network security.
Patrick Scully
Chief Product Officer, Quantum Corridor
Gyan Chawdhary
As someone who works in cybersecurity, I’m always keeping an eye on the latest developments that could change the way we protect our data. One of the most interesting (and a bit worrying) trends right now is quantum security. Here’s what it is, why it matters, and what it means for our digital safety.
What is Quantum Security?: Quantum security is all about the intersection of quantum computing and cybersecurity. It’s the idea that while quantum computers might one day break the encryption systems we rely on today, they also hold the potential to create new, stronger ways to secure data. Think of it as a double-edged sword: quantum tech could both threaten and protect our data.
Why is Quantum Computing a Threat to Current Security Systems?: The big concern with quantum computing is its power to crack current encryption methods that are hard for regular computers to break. Many of today’s encryption systems depend on math problems (like factoring large numbers) that are really tough for traditional computers to solve. But quantum computers can do this much faster and more efficiently. If they can break these systems, sensitive data we thought was secure could be exposed.
How Does Quantum Key Distribution (QKD) Help?: Quantum Key Distribution (QKD) is a cool way that quantum technology could actually help protect data. It uses the unique properties of quantum mechanics—like how particles behave in unpredictable ways—to create a communication system that’s nearly impossible to intercept. If anyone tries to eavesdrop on a QKD-protected message, the system immediately knows and alerts the sender and receiver. It’s a bit like having a super secure lock that only you and your trusted partner can open, and anyone else trying to tamper with it will instantly be noticed.
Will Quantum Computers Really Break Encryption Anytime Soon?: Right now, we’re still a long way off from having quantum computers that can actually break encryption. While quantum computers are progressing, the large-scale machines that could potentially crack today’s systems aren’t here yet. That being said, cybersecurity experts agree we shouldn’t wait for them to arrive before preparing. The time to start thinking about quantum-safe encryption is now, so we’re ready when the technology does become a real threat.
How Should Businesses Prepare for the Quantum Era?: For businesses, the best way to get ready is to stay informed. This means researching quantum-safe encryption options and exploring technologies like QKD where possible. It’s also about keeping up with the latest in quantum research to stay one step ahead. Businesses should think about working with cybersecurity experts to figure out how to make sure their data is protected, both now and in the quantum future.
What Are Some Challenges to Quantum Security?: There are definitely some challenges. For one, quantum technology is still pretty new, and we don’t yet have widespread, reliable solutions for quantum security. While it’s exciting, it’s also complicated and costly to implement things like QKD, especially at a large scale. Plus, making sure these new solutions work seamlessly with existing systems can be tricky. So, while it’s important to start thinking about quantum security, it’s also a journey that will take time.
In the end, quantum computing might offer some amazing benefits, but it’s also going to shake up how we think about digital security. By staying on top of the latest developments and planning ahead, businesses can make sure they’re prepared for a future where quantum technology plays a major role in cybersecurity.
Gyan Chawdhary
Vice President, Kontra, Security Compass
Trevor Young
As a cybersecurity solutions expert, I’ve been keeping a close eye on how quantum computing is both a threat and a potential savior in our digital landscape. It’s a game-changer, and we need to understand it thoroughly.
Quantum security essentially refers to the techniques and technologies designed to protect information systems from threats posed by quantum computers. Traditional cryptography relies on mathematical problems that are currently very difficult for classical computers to solve. However, quantum computers, with their ability to perform calculations in fundamentally different ways, could potentially break these systems. That’s why we need to act now. We’re not just preparing for a distant future; quantum computing is rapidly advancing, and we need to build defenses before it’s too late.
The most significant threat is the ability of quantum computers to crack widely used public-key encryption algorithms like RSA and ECC. These algorithms underpin much of our online security, from secure websites to digital signatures. Shor’s algorithm, in particular, demonstrates the potential for quantum computers to efficiently factor large numbers, which is the basis for RSA’s security. If a powerful enough quantum computer becomes available, it could compromise vast amounts of sensitive data that are currently considered secure.
What are some of the promising quantum-resistant cryptographic solutions being developed?
We’re seeing a lot of exciting work in post-quantum cryptography (PQC). This involves developing new cryptographic algorithms that are believed to be resistant to attacks from both classical and quantum 1 computers. Leading candidates include lattice-based cryptography, code-based cryptography, multivariate cryptography, and hash-based cryptography. 2 NIST (National Institute of Standards and Technology) has been running a standardization process to select and promote these new algorithms, which is a crucial step towards widespread adoption.
The quantum revolution in security is coming, and it’s a race against time. Proactive planning and adaptation are our best defenses. Don’t wait until the quantum threat is fully realized; start building your quantum-safe infrastructure now.
Trevor Young
Chief Product Officer, Security Compass
Martin Needs
I believe Quantum Security is a critical area of focus, especially as quantum computing advances. While the Forrester Research report highlights its growing importance, I think the hype is justified.
As quantum technologies evolve, they could potentially disrupt current cryptographic systems, making it essential to prepare for the future of cybersecurity. However, it’s still early, and we need to continue monitoring developments closely.
Martin Needs
Founder & CEO, Cyber Companies
Luca Dal Zotto
As a co-founder of a technology company tasked with managing sensitive client data on hundreds of Apple devices, I’ve had tremendous experience studying quantum security threats and implementing state-of-the-art protection measures that balance practical threats against operational needs.
The quantum security crisis needs a wake-up call, but it needs to be built correctly. Forrester has the right to sound the alarm, but timing is everything. The RSA and ECC encryption employed to protect 94% of internet traffic will actually be at risk when fault-tolerant quantum computers have reached sufficient qubits—but that’s still 5-8 years away, according to the most responsible estimates. Quantum machines with 1,000+ qubits still lack the stability and error correction to break commercial encryption.
Our tech operations have followed a phased implementation based on threat modeling. Analyzing our data exposure, we realized that 38% of our sensitive data would be exposed for years more than its useful lifespan. This “harvest now, decrypt later” threat led us to use quantum-resistant algorithms for long-lifecycle data while retaining traditional encryption for short-lifecycle data.
The National Institute of Standards and Technology (NIST) has completed four quantum-resistant algorithms following a rigorous 6-year testing period. These are tangible solutions for those worried about quantum attacks. However, they come with a big problem: Integrating them incurs substantial overhead—our early tests revealed a 12-27% performance overhead over traditional encryption.
Most companies need to prioritize quantum readiness before bulk migration in the near term. That involves taking stock of cryptographic assets (76% of companies have not yet done this), quantifying data lifecycles, and creating migration roadmaps. The price of quantum security readiness is high but manageable if phased correctly – usually 4-7% of cybersecurity investment over a multi-year rollout.
The quantum security threat is both a real risk and a potential source of differentiation. Those who address it strategically, not reactively, will gain a competitive edge in highly regulated markets where security posture increasingly influences consumer decisions.
Luca Dal Zotto
Co-founder, Rent a Mac
Troy Nelson
By far, the most exciting progress in quantum computing recently has been the hardware developments that have been taking place. Software and algorithms mean nothing without a functioning machine to run them on. Seeing progress in error correction on Amazon’s Ocelot chip and the new type of topological qubit in Microsoft’s Majorana chip are key developments that are bringing us closer to the quantum computing future.
The risks actually exist today. Our adversaries have been conducting data collection campaigns known as “Store Now, Decrypt Later” (SNDL), where significant effort and resources are invested in capturing encrypted Internet traffic today, which will be stored until the day a cryptographically relevant quantum computer (CRQC) exists. At that time, all of the collected data will be easily decrypted. The salient point is that if secrets being sent today need to stay secret, we need to start using quantum resilient cryptography.
NIST has led the charge over the last seven years to develop quantum resilient algorithms that we can use today on classical computers. The most important of these is ML-KEM, which should be deployed today to protect against SNDL. Deploying in a hybrid mode—pairing a classical algorithm with a quantum resilient algorithm—has slightly lower overhead but provides the best of both worlds in terms of security and protection of data.
Ultimately, the arrival of a practical quantum computer will touch every facet of modern life, and we seem to be on the precipice of that transformation.
Steve Tcherchian
I’ve been saying this for years now. Quantum security isn’t hype—it’s a ticking clock. The threat isn’t about today’s capabilities; it’s about the encrypted data being stolen now to be broken later with quantum power. Smart organizations are preparing now, not because quantum is mainstream, but because once it is, it’ll already be too late.
How smart organizations are preparing: Inventorying where encryption is used, ensuring systems are crypto-agile, and beginning to test post-quantum cryptographic algorithms aligned with NIST standards. Most importantly, they’re identifying sensitive data with long-term value that could be harvested now and decrypted later and protecting it today.
It’s not hype—it’s being ready before the clock runs out and quantum computing becomes affordable and mainstream.
Steve Tcherchian
CISO, XYPRO
Spencergarret Fernandez
Quantum security is a subject that’s quickly gaining traction, and a new Forrester Research report highlighting its significance shouldn’t be ignored. With quantum computing still in its formative stages, the possibility of depending on current encryption methods to combat them might well be an actual threat to information security, especially for companies handling sensitive or critical information.
However, while the threat is real, we’re still in the early stages of quantum computing, and the timeline for it to become a significant threat to traditional cryptography is still unclear. That said, preparing for this future by researching and developing quantum-resistant encryption algorithms makes sense, and it’s important for businesses to stay ahead of the curve. So yes, believe the hype, but balance it with cautious optimism and strategic planning.
The real value in this report is that it makes organizations think about the next generation of cybersecurity, even if that is something that will not be important tomorrow.
Spencergarret Fernandez
Founder & CEO, SEO Echelon
Antony Marceles
Quantum Security Is No Longer Theoretical: I believe the hype around quantum security is not only warranted, it’s overdue. From my perspective in the tech industry, quantum computing poses a very real threat to traditional encryption methods, and it’s not just a future problem.
The concept of “harvest now, decrypt later” is already in play, where sensitive data is being collected today in anticipation of future quantum breakthroughs.
At Pumex, we’ve started exploring post-quantum cryptography standards to future-proof our systems and ensure our clients’ data stays protected in a quantum-accelerated world.
Preparing Today for Tomorrow’s Threats: While the general public may still see quantum security as sci-fi, we as tech leaders have a responsibility to get ahead of it. Forrester’s report is a wake-up call for companies still relying solely on classical encryption and outdated key management strategies. It’s not just about protecting data, it’s about maintaining trust.
I think the organizations that start building quantum resilience now through hybrid cryptographic models and robust zero-trust frameworks, will be the ones best positioned to navigate the disruption when it arrives in full.
Antony Marceles
Founder, Pumex
Martin Needs
I believe the hype is justified. Quantum security addresses real threats posed by quantum computing to current encryption systems. While it’s still evolving, preparing now is smart—especially for organizations handling sensitive data.
Martin Needs
Founder & CEO, Cyber Compliance
On behalf of the Techronicler community of readers, we thank these leaders and experts for taking the time to share valuable insights that stem from years of experience and in-depth expertise in their respective niches.
If you wish to showcase your experience and expertise, participate in industry-leading discussions, and add visibility and impact to your personal brand and business, get in touch with the Techronicler team to feature in our fast-growing publication.
