
Quantum computing has captured everyone’s imagination, be it CISOs, security practitioners, or tech enthusiasts in general. But while the tech world is excited by quantum’s potential, these discussions somehow find themselves drifting towards existential threats to modern encryption and the future of cybersecurity.
The truth is that the potential – and risks – of quantum computing are still largely confined to the domain of specialist research. The technology requires highly specialised infrastructure and functioning quantum chips, something that we don’t yet have in abundance. Further, perhaps more importantly, it needs an elite, scarce skill base that is capable of developing and maintaining these systems. This means that meaningful access right now is limited to a handful of nation-states, technology giants, and well-funded research laboratories. Therefore, for most enterprises, the threat is not imminent but rather distant.
The concern CISOs have is not unfounded. Quantum computing is a rather powerful technology development that we are heading towards. While AI still relies on classical bits running on silicon, quantum computing leverages quantum phenomena like superposition and entanglement (qubits). While CPUs process tasks sequentially across multiple cores and GPUs can manage millions in parallel, quantum computing uses quantum interference to explore probabilities and cancel out wrong answers and amplify correct ones, offering exponential speedups for specific problem types such as factoring, optimisation, and simulation.
The rush for post-quantum research
So what are the implications of this level of computational power? In cybersecurity, for instance, today’s encryption methods rely mainly on prime number factorings; a process that would take classical computers hundreds of years to accomplish. A quantum computer running Shor’s algorithm – a quantum algorithm developed by applied mathematician, Peter Shor, that factors large integers exponentially faster than known classical algorithms – could reduce the time from centuries to a practically feasible timescale, effectively rendering modern encryption obsolete.
It is this possibility that we see a rise in post-quantum security research, and governments and enterprises are exploring encryption models that are resistant to this enormous computational capability. The most compelling argument for why institutions are already preparing for this threat is the concept of Harvest Now, Decrypt Later (HNDL). Nation-state threat actors are already intercepting and storing encrypted network traffic that they cannot yet read. They are banking on acquiring a sufficiently powerful quantum computer in the future to crack this historical data. This is a genuine concern because data like government secrets, health records, and intellectual property can remain extremely sensitive for more than a few decades, which falls within the 10-20 year window for quantum capability advancement that is being projected currently. Any organisation handling data with long-term sensitivity is technically already inside the threat window. In fact, intelligence agencies, including the UK’s NCSC (National Cyber Security Centre) and the US’ NSA (National Security Agency), have publicly acknowledged this harvesting as a credible threat vector. The decision to act on post-quantum cryptography (PQC) is therefore dependent on the data you are transmitting today and how sensitive it will remain in a decade.
However, framing quantum entirely as an immediate cybersecurity crisis is misleading. The barriers to entry are extremely high. Building stable quantum infrastructure is extraordinarily complex, and the expertise required to run and programme these machines is scarce. Until these constraints change, quantum-enabled cyberattacks remain largely theoretical for most organisations.
In that sense, quantum has become something of a red herring for today’s CISOs: an important impending risk, but we have a different battle to win right now.
AI-driven cyber warfare is here now (and to stay)
While quantum computing is still up for debate, a far more immediate transformation in cyber threats is already underway: AI-driven cyberattacks, which operate continuously, learning from each attempt, and exploiting vulnerabilities faster than humans can patch them. Without human interference, AI systems probe networks, test vulnerabilities, and refine strategies with every failed attempt. In effect, attackers are now operating at machine speed.
This means that we now have an imbalance as security teams still rely heavily on human-led processes for finding vulnerabilities, deploying patches, and responding to incidents. In contrast to this, AI attackers can scan and exploit weaknesses across endless digital environments in seconds. Millions of potential targets are being attacked simultaneously with coordinated campaigns. No rest needed, no human errors made in execution, and it operatesautonomously for extended periods without intervention.
This is where the real cybersecurity challenge lies today. The danger is not a quantum computer that might crack encryption decades from now. It is AI systems actively learning how to breach organisations faster than we, as defenders, can respond.
Quantum or quantum-inspired?
We do not diminish the long-term significance of quantum computing. In fact, its potential extends far beyond cybersecurity. We’re entering what many call the intelligence economy, where industries are in pursuit of artificial general intelligence; systems capable of human-level cognition and beyond. In the future, we can expect incredible potential in medicine, climate change, and space exploration through this combination of AI and quantum systems.
But it is important to recognise that not every problem requires a quantum computer.
In fact, most problems can be addressed through quantum-inspired computing, which uses quantum-derived mathematical techniques to outperform conventional classical computers on certain problems without the cost or fragility of a true quantum system. For instance, digital annealing technology provides mathematical optimisation techniques that test millions of variable combinations simultaneously. In fields like drug discovery, this allows researchers to test enormous molecular combinations in a fraction of the time it used to take, accelerating breakthroughs that could once take more than a decade.
The highlight is that the value of quantum ideas can often be realised without waiting for fully mature quantum machines.
Action for CISOs: focus on the fundamentals
For security leaders, the lesson is clear. Preparing for the post-quantum era is forward-looking, but the immediate threat should not be overshadowed.
Instead of focusing just on preparation for the quantum world of tomorrow, it is important to build resilience against AI-enabled attacks today. Strengthen your core data protection practices. Ensure that your sensitive data is encrypted, segmented, and monitored throughout its lifecycle. Use identity and access management as a frontline defence. AI attacks increasingly target credentials and identity infrastructure. So we need stronger authentication models, privileged access policies, and continuous verification of user behaviour.
Lastly, network segmentation and zero-trust architecture can dramatically reduce the blast radius of an attack. These are foundational controls that will not only prevent today’s AI threats, but also make you resilient against future quantum-enabled attacks.
In the long run, the convergence of AI and quantum computing could reshape entire industries. But for now, the focus must stay grounded: building trust, protecting data, and preparing both businesses and citizens for the realities of a post-quantum world.



