No hype, just hard reality: experts warn that quantum computers will crack today’s encryption – and most companies are not prepared.
It sounds like science fiction, but it has long been a bitter reality: on World Quantum Day 2026, leading cybersecurity experts are sounding the alarm. Quantum computers will soon be able to tear down the cryptographic defenses on which the entire digital economy rests. RSA, Diffie-Hellman, Elliptic Curve Cryptography – all of these methods that today protect banking data, patient records, and state secrets could be rendered obsolete by 2030. Those who don’t act now are playing Russian roulette with their most sensitive information.
Roger Grimes, CISO Advisor at KnowBe4, cuts to the chase: ‘If companies don’t currently have a post-quantum project, they are behind and urgently need to at least get one started.’ The so-called Q-Day – the moment when quantum computers can reliably break classical encryption – is no longer an abstract scenario found only in academic journals. The brightest minds and most significant technology companies in the world now assign a real probability to a window closing by 2030. And a post-quantum project is not a quickly deployed software update: it will, according to Grimes, be among the most important and demanding undertakings a company has ever faced.
Yet the reality in most organizations is sobering. Many don’t even know where their critical data resides – let alone which cryptography protects it. Without this foundation, any migration strategy is built on sand. Grimes therefore recommends a comprehensive inventory of the data security landscape as the very first concrete step: Which systems rely on quantum-vulnerable encryption? What can be updated, and what needs to be replaced entirely? Companies should also immediately update their procurement policies to stop purchasing software or hardware that would complicate future post-quantum projects. A simple test: at the next vendor meeting, simply ask whether the product is already post-quantum-ready – and if not, when it will be.
Chris Harris, EMEA Technical Director at Thales Data & Application Security, shines a light on a particularly troubling attack strategy: ‘harvest now, decrypt later.’ Attackers are already collecting encrypted data on a large scale and patiently waiting until quantum computers are powerful enough to decrypt it retroactively. Data stolen today in a breached database could be fully readable in five or ten years. According to the Thales Data Threat Report, 61 percent of IT security leaders surveyed identify exactly this scenario as their greatest quantum risk. The threat is no longer theoretical – it is a strategic time bomb.
Particularly alarming: only 34 percent of those surveyed in the Thales report have complete visibility into where their data is actually stored. Fewer than half of sensitive cloud data is encrypted. This reveals a dangerous gap between awareness and action. Encouragingly, nearly six in ten companies are already experimenting with post-quantum cryptography – but experimenting alone is not enough. The real Herculean task is to structurally embed crypto agility, modernize key management, and fully map cryptographic dependencies across increasingly complex cloud environments. Harris sums it up: ‘Preparing for a post-quantum world is not a one-time upgrade – it is a transformation of the fundamental way companies approach data security.’
Jon France, CISO of ISC2, urges nuance. Quantum computing is often dramatized as a singular breakthrough, but the reality is more complex: we are heading toward a hybrid world in which classical computing, quantum systems, and artificial intelligence each play different roles depending on the task at hand. Until a commercially available universal quantum computer truly exists, application areas will remain highly specialized. Nonetheless: ‘The timeline to Q-Day is shrinking, and the risk of harvest-now-decrypt-later attacks is already forcing companies to think differently about protecting long-term stored data.’
France raises another aspect that often gets lost in the debate: it’s not only about technology, but about governance. Quantum computing may not be today’s security risk – but insufficient preparation for post-quantum cryptographic solutions could become tomorrow’s governance failure. Those who miss the moment when the course must be set will not be able to make up for it.
The message from all three experts is unequivocal: World Quantum Day 2026 is not an occasion for futuristic daydreaming but an urgent wake-up call. Technology is evolving faster than corporate culture. Security leaders must engage executive management and the board right now, secure budget, and deploy dedicated resources for post-quantum projects. Companies that act early will avoid disruption – all others will experience it.
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de