Quantum Threats Loom: What Tech Experts Think of Forrester’s Report
Quantum security has emerged as a pressing concern for organizations worldwide, with a new Forrester Research report titled “Quantum Security Isn’t Hype — Every Security Leader Needs It” urging leaders to act now, despite quantum computers capable of breaking traditional encryption being 5 to 10 years away.
The report, published in March earlier this year, highlights the real threat of “harvest now, decrypt later” attacks, where hackers stockpile encrypted data for future decryption, a strategy already in use.
As global cybersecurity faces a 4.8 million talent gap (SHRM, 2025) and 61% of firms worry about unpreparedness for quantum risks (ZDNET, 2023), the stakes are high.
We asked tech leaders and experts to respond to the query:
“Believe the hype about Quantum Security,” says a new Forrester Research report. Your thoughts?
Their perspectives—ranging from calls for immediate crypto-agility to skepticism about the timeline—offer a nuanced view of how to prepare for a quantum future while addressing today’s security challenges.
Read on!
Anders Indset
Quantum Security is an Immediate Priority, Not a Distant Concern
- The NIST release of three PQC standards in August 2024 (ML-KEM, ML-DSA, SLH-DSA) provides a clear foundation for organizations to adopt quantum-resistant cryptography now (some 250.000 companies have been identified by the U.S. Government as critical infrastructure needing a near term upgrade).
- “Harvest now, decrypt later” attacks mean sensitive data collected today (e.g., financial records, health data, intellectual property) could be decrypted in 5–10 years (max) when quantum computers mature, making proactive migration critical.
- Companies like IBM, Google, and Amazon are already integrating PQC into their offerings, signaling market readiness and competitive pressure to act swiftly. Players like Terra Quantum AG offer solutions already today.
Business Opportunity: A Multi-Billion-Dollar Market
- The quantum security market encompasses PQC algorithms, quantum key distribution (QKD), cryptographic inventory tools, certificate management, and cryptoagility solutions.
- Market size estimates vary, but reports project the global quantum cryptography market to grow from $1.1 billion in 2024 to $5–10 billion by 2030, with a CAGR of 25–40% (e.g., MarketsandMarkets, 2023).
- Opportunities span industries: financial services (secure transactions), healthcare (patient data protection), government (classified communications), and critical infrastructure (energy, telecom).
- Vendors offering PQC-compliant solutions (like Terra Quantum AG), consulting, and managed services will see significant demand as organizations overhaul systems for cryptoagility.
Timeline: Act Now, Iterate Over 5–10 Years
- Short-term (2025–2027): Organizations should inventory cryptographic assets, prioritize high-risk systems (e.g., VPNs, TLS protocols), and begin piloting PQC algorithms. Early adopters gain a competitive edge and regulatory compliance.
- Medium-term (2027–2030): Widespread migration to PQC across cloud, on-premises, and SaaS platforms, driven by NIST deadlines (e.g., U.S. federal agencies targeting 2035 for full transition) and industry mandates.
- Long-term (2030–2035): Quantum security becomes the default, with QKD and hybrid PQC-classical systems standard for ultra-sensitive use cases. Quantum computing advancements may accelerate this timeline.
- Personal Prediction – Rapid Quantum Progress ahead: Breakthroughs in qubit stability and error correction (e.g., Google’s Willow chip, Microsoft Majorana and the silent ‘breakthrough’ that might be underestimated: Ocelot by AWS) suggest quantum computers could break RSA-2048 encryption as early as 2030, not 2035, pushing the urgency for PQC adoption to now.
Software Development and Ecosystem Growth
- Quantum software ecosystems (e.g., Qiskit, Cirq) are maturing alongside hardware, enabling faster algorithm development and testing. This accelerates both quantum computing capabilities and the need for quantum-safe countermeasures.
- Cryptoagility requires software vendors to embed flexible cryptographic libraries (e.g., OpenSSL, Bouncy Castle) that can swap algorithms without major rewrites, creating opportunities for DevSecOps tools and services.
- Personal Prediction – The software side will outpace hardware in the near term, driving demand for quantum security solutions as developers integrate PQC into applications faster than quantum computers scale to cryptographically relevant sizes.
Market Drivers and Challenges
- Drivers: Regulatory mandates (e.g., U.S. National Security Memorandum 10, EU’s cybersecurity directives), cyber insurance requirements, and third-party compliance needs will force organizations to invest in quantum security.
- Challenges: Legacy system upgrades are costly and complex; small and medium enterprises may lag due to resource constraints. Talent shortages in quantum and cryptography expertise could also slow adoption.
- Opportunity: Companies offering turnkey PQC solutions, training, and integration services will bridge these gaps, capturing significant market share.
In Short – My Perspective on the Hype and Urgency
- The hype around quantum security is justified—not because quantum computers are imminent, but because the stakes of inaction are catastrophic. A single decrypted dataset could cost billions in damages (e.g., Equifax breach, $4B+ in losses).
- Rapid quantum progress is plausible. Advances in logical qubits and fault tolerance could shrink the 5–10-year window to 3–7 years for cryptographically relevant quantum computers.
- Quantum security isn’t just about defense; it’s a strategic enabler. Early adopters will build trust with customers, meet compliance ahead of deadlines, and position themselves as leaders in a post-quantum world.
Anders Indset
Business Philosopher & Author, Business Philosopher
Mike Chappell
Quantum computing may still feel like something too farfetched for many small businesses, but its potential to break current encryption methods is real.
A lot of companies operate with sensitive customer data, financial transactions, intellectual property, etc. And even if (most likely) quantum-safe algorithms aren’t urgent for all businesses today, ignoring them entirely could lead to real exposure in the future.
And in any case, implementing quantum security will never give you a negative effect. It’s a serious enhancement in the eyes of your customers, your investors and other industry group organizations.
The more companies will turn to quantum security, the more investors will search to demonstrate proof of cryptoagility. So, it’s always better to be prepared for it in advance.
Mike Chappell
Co-founder & CEO, FormsPal
Amit Basu
The Forrester report’s recommendation to “believe the hype” around quantum security is both timely and justified. While cryptographically relevant quantum computers may still be years away, the security implications are already very real—especially for sectors where data confidentiality must be preserved long-term, such as finance, healthcare, critical infrastructure, and national security.
One of the most pressing concerns is the rise of “harvest now, decrypt later” attacks, where adversaries are capturing encrypted data today with the intent to break it once quantum capabilities emerge. This makes it imperative for organizations to begin preparing now, not when the threat becomes immediate.
Fortunately, the landscape is shifting in a proactive direction. The U.S. National Institute of Standards and Technology (NIST) has finalized several post-quantum cryptographic (PQC) algorithms, and major technology vendors are starting to incorporate them. This enables early testing, risk-based deployment, and crypto-agility planning—well before large-scale migration becomes mandatory.
To prepare effectively, organizations should:
- Conduct a comprehensive cryptographic inventory across IT, OT, and supply chains.
- Develop a crypto-agility strategy to ensure cryptographic components can be updated with minimal disruption.
- Begin pilot implementations of PQC in lower-risk environments to gain familiarity.
- Engage vendors and partners to understand their quantum readiness roadmap.
While the quantum threat isn’t imminent, the transition effort is non-trivial and time-consuming.
Believing the hype isn’t about fear—it’s about foresight. The organizations that start now will be better positioned for compliance, resilience, and trust in the quantum era.
Amit Basu
Vice President, CIO & CISO, International Seaways
Sanju Zachariah
Quantum security is real, not just hype: it’s the future.
Quantum Computing will lead to the challenge of the traditional encryption method and render the existing security measures as obsolete as time passes.
The need for a timely, strategic response is underscored by a call-out in a recent Forrester Research report that urges organizations to begin making that leap now by investing in future-proofing technology like quantum-resistant encryption and post-quantum cryptography to protect sensitive information from the looming threat.
Although it may feel distant, transition planning for quantum-safe systems has to begin today — particularly in sectors where sensitive information is common, such as finance, health care and government.
Failure to heed this shift could leave systems vulnerable to quantum computers when they are able to break the encryption algorithms of today.
The hype is real, but it’s supported by emerging tech and its potential to significantly change the security landscape.
Sanju Zachariah
Founder & CEO, Portiva
Paul Baka
I’ve been reading those Forrester quantum security reports and my main takeaway is clear: quantum security isn’t some distant-future hype—it’s a very real and pressing issue for every security leader today, including myself here at SSLTrust.
The “harvest now, decrypt later” threat is not theoretical. It’s already changing how we think about data protection. What we encrypt today could be compromised tomorrow if we don’t act now.
To me, cryptoagility is essential. The ability to quickly pivot and upgrade our cryptographic systems isn’t just a technical nice-to-have—it’s a foundation. The work NIST is doing on Post-Quantum Cryptography (PQC) standards is the way forward and the fact that major vendors are already baking PQC into their products shows how serious this is getting.
Don’t delay. The transition to PQC will take time—time we won’t have later if we don’t start now. That means we need to assess our cryptographic footprint, talk to vendors about their roadmaps and make sure we’re ready for compliance and security demands that are just around the corner.
For SSLTrust and our clients, quantum resilience will touch every layer—from infrastructure and certificates to software and partner ecosystems. It will shape our investment priorities and how we evaluate security across the board.
Ultimately these reports are a wake up call. As part of the Australian security industry we need to get informed, get agile and get moving. At SSLTrust this isn’t just a technical issue—it’s part of the trust we build with our customers every day.
Max Shak
As the Founder and CEO of nerDigital, I’ve been keeping a close eye on the developments surrounding quantum security. The hype around it, as indicated in the recent Forrester Research report, is certainly well-founded. Quantum computing has the potential to revolutionize not just the speed and power of computing, but also the very fabric of cybersecurity itself. But before we dive into why the hype is justified, it’s important to acknowledge that this is still an emerging field.
Quantum computers will eventually be capable of solving problems that would take classical computers centuries to solve. This includes breaking the encryption protocols that protect everything from financial transactions to private communications. Current encryption methods, such as RSA and ECC (Elliptic Curve Cryptography), rely on the difficulty of factoring large numbers or solving complex mathematical problems. However, a sufficiently powerful quantum computer could solve these problems almost instantaneously, rendering traditional encryption obsolete.
So, why is this such a big deal? The main reason is that so much of our global digital infrastructure relies on encryption for its security. If those encryption standards can be cracked, it would expose critical data, intellectual property, and potentially even national security to unprecedented risks. We’re talking about the possibility of a quantum-powered cyberattack that could break into systems, steal data, and disrupt entire industries.
That said, the big question isn’t whether quantum computing will eventually pose a threat to our cybersecurity—it’s when this will actually happen. We’re not there yet. While researchers are making strides in quantum computing, it’s still in its infancy. Right now, quantum computers are far from being able to break existing encryption standards on a large scale. But we are already seeing discussions around the development of quantum-safe encryption algorithms, which will be essential to safeguarding our systems against this future threat.
From a practical perspective, businesses should start preparing for quantum security now, even though the threat is not immediate. It’s crucial to begin considering the implications of quantum computing and stay informed about developments in quantum-safe cryptography. Forward-thinking companies are already working with experts to create new cryptographic methods that will be resistant to quantum computing. This is an area where proactive leadership will be key.
In conclusion, the hype around quantum security is definitely justified. The potential risks to data protection from quantum computing are very real, but it’s important to remember that we have time to prepare. By embracing the emerging field of quantum-safe encryption and staying ahead of the curve, businesses can protect themselves from the inevitable quantum age of cybersecurity. As always, being proactive is the best approach.
Max Shak
Founder & CEO, nerDigital.com
Deepak Shukla
There is a drumbeat developing around quantum security, but it’s prudent to be cautious of the hype.
Quantum computing promises transformational capabilities, particularly in terms of encryption and data security. While interesting, we are still early in figuring out how quantum security will play out in the real world. Making the case for the capabilities of quantum computers to solve traditional encryption is compelling, but we aren’t quite there in terms of having these technologies built out or widely available.
With that said, quantum security isn’t really future thinking. Organizations ought to start planning for the future by understanding quantum-resistant cryptography and using the protocols being developed today.
While we aren’t near any kind of mainstream quantum computing, it still makes sense to stay curious and begin to find some arrangements to be positioned for early movers. The truth probably lies somewhere between the promise of quantum computing and the understanding that much of quantum computability is speculative for the moment.
Mark Niemann
Quantum computers have the potential to break RSA and ECC encryption, which currently secure most of our internet traffic.
The hype around quantum security is warranted. Preparing for a post-quantum future requires immediate action by enterprises and governments alike.
Post-quantum cryptography is in active development, and organizations need to start implementing transition strategies to ensure long-term data protection.
There will be a competitive advantage for companies that proactively adopt quantum-resistant solutions now.
While we’re not there yet with large-scale quantum attacks, complacency is not an option given the “harvest now, decrypt later” threats.
I fully support the urgency outlined in the Forrester report. Quantum security is not just a tech upgrade—it’s a survival imperative in a future driven by data integrity and trust.
Mark Niemann
Founder, MeinOffice
On behalf of the Techronicler community of readers, we thank these leaders and experts for taking the time to share valuable insights that stem from years of experience and in-depth expertise in their respective niches.
If you wish to showcase your experience and expertise, participate in industry-leading discussions, and add visibility and impact to your personal brand and business, get in touch with the Techronicler team to feature in our fast-growing publication.
