Enterprises Lack Readiness for Quantum Cybersecurity Risks
In the digital landscape of North America and Europe, nearly half of organizations are not adequately prepared for quantum cybersecurity threats, with mid-sized enterprises appearing particularly vulnerable[1][2]. As of mid-2025, only about 42% of cybersecurity leaders report actively addressing quantum risks, while others delay action until threats become more immediate or follow others' lead[1][2].
To tackle these challenges, the U.S. government is advancing legislative measures such as the National Quantum Cybersecurity Migration Strategy Act introduced in August 2025. This bipartisan bill directs federal agencies to develop coordinated roadmaps for migrating to post-quantum cryptography (PQC) and mandates pilot deployments of quantum-resistant encryption in critical infrastructure sectors by 2027[3][4].
Experts highlight that quantum computing will render classical public-key cryptography obsolete, threatening the foundational security infrastructure of digital systems[1][2]. Companies taking the transition seriously are more than twice as likely to be implementing protective measures compared to those downplaying the risk[1][2].
The National Cyber Security Centre (NCSC) published a timeline for organizations to prepare for quantum threats, with large organizations expected to have identified which cryptographic services need upgrades and created a migration plan by 2028[5]. Enterprises should carry out high-priority upgrades by 2031, refining their plans as PQC evolves, according to the NCSC timeline[5]. By 2035, organizations should have migrated completely to PQC for all systems, services, and products[5].
While awareness of quantum cybersecurity threats is growing, actual readiness lags behind, prompting calls for more urgent and strategic action to future-proof critical digital assets before the arrival of cryptographically relevant quantum machines[1][2][3][4]. The C-suite and board members are increasingly involved in PQC preparedness, with cybersecurity teams leading the charge in nearly half of companies[6]. However, lack of skilled personnel, limited time, and competing priorities remain challenges[6].
On a positive note, 49% of organizations expect reduced cyber insurance premiums due to quantum preparedness[7]. Additionally, a competitive edge and enhanced customer trust are motivations for addressing quantum cybersecurity threats, each cited by 48% of organizations[8]. As the digital world continues to evolve, it is crucial for organizations to prioritize quantum preparedness to safeguard their digital assets and maintain trust with their customers.
References: 1. Quantum Computing and the Future of Cybersecurity 2. Quantum Cybersecurity: What CISOs Need to Know 3. National Quantum Cybersecurity Migration Strategy Act 4. U.S. Government Advances Quantum Cybersecurity Preparedness 5. NCSC Quantum Timeline 6. Challenges in Quantum Preparedness 7. Quantum Computing and Cybersecurity Insurance 8. Motivations for Quantum Cybersecurity Preparedness
- To brace themselves against imminent quantum cybersecurity threats, businesses must invest in post-quantum cryptography (PQC), a technology that aims to protect digital systems from quantum computing.
- Amidst the push for future-proofing digital infrastructure, finance plays a crucial role in funding cybersecurity initiatives designed to combat quantum threats.
- The shift to PQC involves data-and-cloud-computing upgrades and the evolution of technology, making it a significant task for mid-sized enterprises and large organizations alike.
- With cybersecurity leaders advocating for quicker action, businesses must prioritize quantum cybersecurity in their overall business strategies and not merely view it as a technical issue.
